And the mail is failing. Here is what I have done:
I determined that in: /usr/share/logwatch/default.conf/logwatch.conf

    mailer = "/usr/sbin/sendmail -t"

so in: /etc/logwatch/conf/logwatch.conf

    mailer = "/usr/bin/mailx -t"

In /etc/aliases I have:

    # Person who should get root's mail
    root: rgm

and I ran newaliases
'journalctl |grep -i logwatch' shows the following (along with other lines):

    Jan 02 03:32:01 lx120e.htt-consult.com run-parts[16112]: (/etc/cron.daily) starting 0logwatch
    Jan 02 03:32:12 lx120e.htt-consult.com run-parts[16429]: (/etc/cron.daily) finished 0logwatch
    Jan 02 03:32:16 lx120e.htt-consult.com setroubleshoot[16427]: dbus avc(node=lx120e.htt-consult.com type=AVC msg=audit(1388651532.024:734): avc: denied { write } for pid=16425 comm="mailx" name="root" dev="dm-0" ino=1308161 scontext=system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023 tcontext=system_u:object_r:admin_home_t:s0 tclass=dir node=lx120e.htt-consult.com type=SYSCALL msg=audit(1388651532.024:734): arch=40000003 syscall=5 success=no exit=-13 a0=9b15128 a1=8441 a2=1b6 a3=809134c items=0 ppid=1 pid=16425 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=15 tty=(none) comm="mailx" exe="/usr/bin/mailx" subj=system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023 key=(null)
    Jan 02 03:32:16 lx120e.htt-consult.com setroubleshoot[16427]: AuditRecordReceiver.add_record_to_cache(): node=lx120e.htt-consult.com type=AVC msg=audit(1388651532.24:734): avc: denied { write } for pid=16425 comm="mailx" name="root" dev="dm-0" ino=1308161 scontext=system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023 tcontext=system_u:object_r:admin_home_t:s0 tclass=dir
    Jan 02 03:32:16 lx120e.htt-consult.com setroubleshoot[16427]: AuditRecordReceiver.add_record_to_cache(): node=lx120e.htt-consult.com type=SYSCALL msg=audit(1388651532.24:734): arch=40000003 syscall=5 success=no exit=-13 a0=9b15128 a1=8441 a2=1b6 a3=809134c items=0 ppid=1 pid=16425 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=15 tty=(none) comm="mailx" exe="/usr/bin/mailx" subj=system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023 key=(null)
    Jan 02 03:32:16 lx120e.htt-consult.com setroubleshoot[16427]: analyze_avc() avc=scontext=system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023 tcontext=system_u:object_r:admin_home_t:s0 access=['write'] tclass=dir tpath=/root

oh, here are the mail files:

    # ls -ls /var/spool/mail/
    total 8
    0 -rw-rw----. 1 rgm  mail    0 Jan  2 16:47 rgm
    8 -rw-------. 1 root mail 5886 Dec 31 12:27 root
    0 -rw-rw----. 1 rpc  mail    0 Dec 25 13:27 rpc

The content in root mail is from when I had postfix installed. I have since deleted it to work on getting mailx to work instead.
=================================
perhaps /var/spool/mail/root needs 660 permissions?
On 01/02/2014 05:29 PM, Robert Moskowitz wrote:
> perhaps /var/spool/mail/root needs 660 permissions?
Do you know what mailx is trying to write into the /root directory?
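A sketch of how to read the denial quoted in the thread, added here as an illustration and not part of any message in it: it pairs the AVC and SYSCALL records by audit serial, names the denied access, and decodes the i386 open(2) arguments to show what kind of write mailx attempted in /root. The function names and the hard-coded i386 flag table are choices of this example.

```python
import errno
import re

# Two records copied from the journal output quoted in the thread (journal
# prefix trimmed). The same event is printed there as .024:734 and .24:734.
AVC = (
    'type=AVC msg=audit(1388651532.024:734): avc: denied { write } for '
    'pid=16425 comm="mailx" name="root" dev="dm-0" ino=1308161 '
    'scontext=system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023 '
    'tcontext=system_u:object_r:admin_home_t:s0 tclass=dir'
)
SYSCALL = (
    'type=SYSCALL msg=audit(1388651532.24:734): arch=40000003 syscall=5 '
    'success=no exit=-13 a0=9b15128 a1=8441 a2=1b6 a3=809134c items=0 ppid=1 '
    'pid=16425 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 '
    'ses=15 tty=(none) comm="mailx" exe="/usr/bin/mailx" '
    'subj=system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023 key=(null)'
)

AUDIT_ARCH_I386 = 0x40000003      # EM_386 with the little-endian flag set
SYS_OPEN_I386 = 5                 # open(2) in the i386 syscall table
# open(2) flag bits as defined for i386 Linux, hard-coded so the decode does
# not depend on the host this script runs on.
OPEN_FLAGS_I386 = [
    (0x40, "O_CREAT"), (0x80, "O_EXCL"), (0x100, "O_NOCTTY"),
    (0x200, "O_TRUNC"), (0x400, "O_APPEND"), (0x800, "O_NONBLOCK"),
    (0x8000, "O_LARGEFILE"),
]
ACCESS_MODES = {0: "O_RDONLY", 1: "O_WRONLY", 2: "O_RDWR"}


def fields(record):
    """Return the key=value pairs of one audit record, quotes stripped."""
    pairs = re.findall(r'(\w+)=("[^"]*"|\S+)', record)
    return {key: value.strip('"') for key, value in pairs}


def event_id(record):
    """Return (seconds, milliseconds, serial) for the record's audit() stamp.

    Assumption of this example: the fractional part is an integer count of
    milliseconds, which makes the .024 and .24 spellings compare equal.
    """
    m = re.search(r'audit\((\d+)\.(\d+):(\d+)\)', record)
    if m is None:
        raise ValueError("no audit() stamp in record")
    return tuple(int(g) for g in m.groups())


def parse_avc(record):
    """Extract who was denied what, on which type and object class."""
    m = re.search(r'avc:\s+denied\s+\{([^}]*)\}', record)
    if m is None:
        raise ValueError("not an AVC denial")
    f = fields(record)
    return {
        "perms": m.group(1).split(),
        "source_type": f["scontext"].split(":")[2],
        "target_type": f["tcontext"].split(":")[2],
        "tclass": f["tclass"],
        "comm": f["comm"],
        "name": f["name"],
    }


def decode_open(record):
    """Decode an i386 open(2) SYSCALL record: flags, mode and errno name."""
    f = fields(record)
    if int(f["arch"], 16) != AUDIT_ARCH_I386 or int(f["syscall"]) != SYS_OPEN_I386:
        raise ValueError("only i386 open(2) is decoded here")
    flags = int(f["a1"], 16)      # a0..a3 are logged in hexadecimal
    names = [ACCESS_MODES.get(flags & 3, "O_ACCMODE?")]
    names += [name for bit, name in OPEN_FLAGS_I386 if flags & bit]
    return {
        "flags": names,
        "mode": oct(int(f["a2"], 16)),
        "error": errno.errorcode.get(-int(f["exit"]), f["exit"]),
    }


def raw_allow_rule(avc):
    """Return the literal allow rule the denial maps to (audit2allow style)."""
    perms = avc["perms"]
    perm_text = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
    return "allow {} {}:{} {};".format(
        avc["source_type"], avc["target_type"], avc["tclass"], perm_text)


if __name__ == "__main__":
    avc = parse_avc(AVC)
    print("same event:", event_id(AVC) == event_id(SYSCALL))
    print(avc)
    print(decode_open(SYSCALL))
    print(raw_allow_rule(avc))
```

On the records from the thread this reports an O_WRONLY|O_CREAT|O_APPEND open with mode 0666 failing with EACCES, so mailx was trying to create or append to a file directly under /root.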
On 01/03/2014 11:21 AM, Daniel J Walsh wrote:
> Do you know what mailx is trying to write into the /root directory?
The output of logwatch. I edited /etc/logwatch/conf/logwatch.conf
with the line:
mailer = "/usr/bin/mailx -t"
To override /usr/share/logwatch/default.conf/logwatch.conf
mailer = "/usr/sbin/sendmail -t"
On Thu, 02 Jan 2014 17:29:20 -0500 Robert Moskowitz rgm@htt-consult.com wrote:
> And the mail is failing. Here is what I have done:
> I determined that in: /usr/share/logwatch/default.conf/logwatch.conf mailer = "/usr/sbin/sendmail -t"
> so in: /etc/logwatch/conf/logwatch.conf mailer = "/usr/bin/mailx -t"
mailer = /usr/bin/mailx -s Logwatch user # where user is you.
One stop at a time
sudo updatedb | locate dead.letter
___ Regards, Frank www.frankly3d.com
On 01/03/2014 11:34 AM, Robert Moskowitz wrote:
>> Do you know what mailx is trying to write into the /root directory?
> The output of logwatch. I edited /etc/logwatch/conf/logwatch.conf
> with the line:
> mailer = "/usr/bin/mailx -t"
> To override /usr/share/logwatch/default.conf/logwatch.conf
> mailer = "/usr/sbin/sendmail -t"
Ok I just added a patch to git to allow logwatch_mail_t to write to the /root directory certain files.

    sesearch -T -s logwatch_mail_t | grep mail_home_rw_t
    type_transition logwatch_mail_t admin_home_t : dir mail_home_rw_t ".maildir";
    type_transition logwatch_mail_t user_home_dir_t : dir mail_home_rw_t ".maildir";
    type_transition logwatch_mail_t admin_home_t : file mail_home_rw_t ".esmtp_queue";
    type_transition logwatch_mail_t admin_home_t : dir mail_home_rw_t "Maildir";
    type_transition logwatch_mail_t user_home_dir_t : file mail_home_rw_t ".esmtp_queue";
    type_transition logwatch_mail_t user_home_dir_t : dir mail_home_rw_t "Maildir";

You could do something similar by adding:

    policy_module(mylogwatch, 1.0)

    gen_require(`
        type logwatch_mail_t;
    ')

    mta_filetrans_admin_home_content(logwatch_mail_t)

On 01/03/2014 11:49 AM, Frank Murphy wrote:
> On Thu, 02 Jan 2014 17:29:20 -0500 Robert Moskowitz rgm@htt-consult.com wrote:
>> And the mail is failing. Here is what I have done:
>> I determined that in: /usr/share/logwatch/default.conf/logwatch.conf mailer = "/usr/sbin/sendmail -t"
>> so in: /etc/logwatch/conf/logwatch.conf mailer = "/usr/bin/mailx -t"
> mailer = /usr/bin/mailx -s Logwatch user # where user is you.

Why subject? Do you mean that I should not include -t which seems to have the same meaning in sendmail and mailx?

> One stop at a time

step?

> sudo updatedb | locate dead.letter

Nothing. No dead.letter

btw, I do use updatedb and locate regularly.

On 01/03/2014 12:03 PM, Daniel J Walsh wrote:
> You could do something similar by adding:
>
> policy_module(mylogwatch, 1.0)
> gen_require(`
>     type logwatch_mail_t;
> ')
> mta_filetrans_admin_home_content(logwatch_mail_t)

Dan, you are way beyond me here. I need pretty clear cookbooks. Changing a line in a .conf is one thing, what are you telling me to do here? Just cut and paste from policy... to mta... into a rooted terminal session?
On Fri, 03 Jan 2014 12:19:16 -0500 Robert Moskowitz rgm@htt-consult.com wrote:
>>> so in: /etc/logwatch/conf/logwatch.conf mailer = "/usr/bin/mailx -t"
>> mailer = /usr/bin/mailx -s Logwatch user # where user is you.
> Why subject? Do you mean that I should not include -t

Don't include -t

> which seems to have the same meaning in sendmail and mailx?

man mailx

    -t  The message to be sent is expected to contain a message header with `To:', `Cc:', or `Bcc:' fields giving its recipients. Recipients specified on the command line are ignored.

>> One stop at a time
> step?

yep

>> sudo updatedb | locate dead.letter
> Nothing. No dead.letter

dead.letter means an email was created but couldn't find user.

___ Regards, Frank www.frankly3d.com
On 01/03/2014 12:34 PM, Frank Murphy wrote:
> On Fri, 03 Jan 2014 12:19:16 -0500 Robert Moskowitz rgm@htt-consult.com wrote:
>>>> so in: /etc/logwatch/conf/logwatch.conf mailer = "/usr/bin/mailx -t"
>>> mailer = /usr/bin/mailx -s Logwatch user # where user is you.
>> Why subject? Do you mean that I should not include -t
> Don't include -t
>> which seems to have the same meaning in sendmail and mailx?
> man mailx
>     -t  The message to be sent is expected to contain a message header with `To:', `Cc:', or `Bcc:' fields giving its recipients. Recipients specified on the command line are ignored.

Well we will see how it goes. I will let you know.

>>> One stop at a time
>> step?
> yep
>>> sudo updatedb | locate dead.letter
>> Nothing. No dead.letter
> dead.letter means an email was created but couldn't find user.

ergo no mail attempted?

On Fri, 03 Jan 2014 13:09:58 -0500 Robert Moskowitz rgm@htt-consult.com wrote:
> Well we will see how it goes. I will let you know.

Just trying to figure out where the problems are coming for you.

> ergo no mail attempted?

attempted, but not delivered.

___ Regards, Frank www.frankly3d.com
On 01/03/2014 12:25 PM, Robert Moskowitz wrote:
> Dan, you are way beyond me here. I need pretty clear cookbooks. Changing a line in a .conf is one thing, what are you telling me to do here? Just cut and paste from policy... to mta... into a rooted terminal session?

Create a file mylogwatch.te with the following content.

    policy_module(mylogwatch, 1.0)

    gen_require(`
        type logwatch_mail_t;
    ')

    mta_filetrans_admin_home_content(logwatch_mail_t)

Now execute this command to compile the policy and load it into the kernel

    # make -f /usr/share/selinux/devel/Makefile
    # semodule -i mylogwatch.pp

Now you should be allowed to run logwatch_mail_t in enforcing mode.
getting closer. I am running a new install. So a fresh start on this...
On 01/06/2014 11:14 AM, Daniel J Walsh wrote:
> Create a file mylogwatch.te with the following content.
>
> policy_module(mylogwatch, 1.0)
> gen_require(`
>     type logwatch_mail_t;
> ')
> mta_filetrans_admin_home_content(logwatch_mail_t)
>
> Now execute this command to compile the policy and load it into the kernel
>
> # make -f /usr/share/selinux/devel/Makefile

    # make -f /usr/share/selinux/devel/Makefile
    make: /usr/share/selinux/devel/Makefile: No such file or directory
    make: *** No rule to make target `/usr/share/selinux/devel/Makefile'. Stop.

So what do I need to install. This is the base Gnome x86_64 with only Admin tools added. Oh and svn and git, as I need them for joint Internet Draft writing...

> # semodule -i mylogwatch.pp
>
> Now you should be allowed to run logwatch_mail_t in enforcing mode.

On 01/07/2014 11:44 AM, Robert Moskowitz wrote:
> getting closer. I am running a new install. So a fresh start on this...
> On 01/06/2014 11:14 AM, Daniel J Walsh wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 01/03/2014 12:25 PM, Robert Moskowitz wrote:
On 01/03/2014 12:03 PM, Daniel J Walsh wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 01/03/2014 11:34 AM, Robert Moskowitz wrote:
On 01/03/2014 11:21 AM, Daniel J Walsh wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 01/02/2014 05:29 PM, Robert Moskowitz wrote:
> And the mail is failing. Here is what I have done:
>
> I determined that in:
> /usr/share/logwatch/default.conf/logwatch.conf mailer =
> "/usr/sbin/sendmail -t"
>
> so in: /etc/logwatch/conf/logwatch.conf mailer =
> "/usr/bin/mailx -t"
>
> In /etc/aliases I have:
>
> # Person who should get root's mail
> root: rgm
>
> and I ran newaliases
>
> 'journalctl |grep -i logwatch' shows the following (along with
> other lines):
>
> Jan 02 03:32:01 lx120e.htt-consult.com run-parts[16112]:
> (/etc/cron.daily) starting 0logwatch Jan 02 03:32:12
> lx120e.htt-consult.com run-parts[16429]: (/etc/cron.daily)
> finished 0logwatch Jan 02 03:32:16 lx120e.htt-consult.com
> setroubleshoot[16427]: dbus avc(node=lx120e.htt-consult.com
> type=AVC msg=audit(1388651532.024:734): avc: denied { write }
> for pid=16425 comm="mailx" name="root" dev="dm-0" ino=1308161
> scontext=system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:admin_home_t:s0 tclass=dir
> node=lx120e.htt-consult.com type=SYSCALL
> msg=audit(1388651532.024:734): arch=40000003 syscall=5
> success=no exit=-13 a0=9b15128 a1=8441 a2=1b6 a3=809134c
> items=0 ppid=1 pid=16425 auid=0 uid=0 gid=0 euid=0 suid=0
> fsuid=0 egid=0 sgid=0 fsgid=0 ses=15 tty=(none) comm="mailx"
> exe="/usr/bin/mailx"
> subj=system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023
> key=(null) Jan 02 03:32:16 lx120e.htt-consult.com
> setroubleshoot[16427]:
> AuditRecordReceiver.add_record_to_cache():
> node=lx120e.htt-consult.com type=AVC
> msg=audit(1388651532.24:734): avc: denied { write } for
> pid=16425 comm="mailx" name="root" dev="dm-0" ino=1308161
> scontext=system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:admin_home_t:s0 tclass=dir Jan 02
> 03:32:16 lx120e.htt-consult.com setroubleshoot[16427]:
> AuditRecordReceiver.add_record_to_cache():
> node=lx120e.htt-consult.com type=SYSCALL
> msg=audit(1388651532.24:734): arch=40000003 syscall=5
> success=no exit=-13 a0=9b15128 a1=8441 a2=1b6 a3=809134c
> items=0 ppid=1 pid=16425 auid=0 uid=0 gid=0 euid=0 suid=0
> fsuid=0 egid=0 sgid=0 fsgid=0 ses=15 tty=(none) comm="mailx"
> exe="/usr/bin/mailx"
> subj=system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023
> key=(null) Jan 02 03:32:16 lx120e.htt-consult.com
> setroubleshoot[16427]: analyze_avc()
> avc=scontext=system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:admin_home_t:s0 access=['write']
> tclass=dir tpath=/root
>
> oh, here are the mail files:
>
> # ls -ls /var/spool/mail/
> total 8
> 0 -rw-rw----. 1 rgm mail 0 Jan 2 16:47 rgm
> 8 -rw-------. 1 root mail 5886 Dec 31 12:27 root
> 0 -rw-rw----. 1 rpc mail 0 Dec 25 13:27 rpc
>
> The content in root mail is from when I had postfix installed.
> I have since deleted it to work on getting mailx to work
> instead.
>
> =================================
>
> perhaps /var/spool/mail/root needs 660 permissions?
>

Do you know what mailx is trying to write into the /root directory?
The output of logwatch. I edited /etc/logwatch/conf/logwatch.conf
with the line:
mailer = "/usr/bin/mailx -t"
To override /usr/share/logwatch/default.conf/logwatch.conf
mailer = "/usr/sbin/sendmail -t"
Ok, I just added a patch to git to allow logwatch_mail_t to write certain files to the /root directory.
sesearch -T -s logwatch_mail_t | grep mail_home_rw_t
type_transition logwatch_mail_t admin_home_t : dir mail_home_rw_t ".maildir";
type_transition logwatch_mail_t user_home_dir_t : dir mail_home_rw_t ".maildir";
type_transition logwatch_mail_t admin_home_t : file mail_home_rw_t ".esmtp_queue";
type_transition logwatch_mail_t admin_home_t : dir mail_home_rw_t "Maildir";
type_transition logwatch_mail_t user_home_dir_t : file mail_home_rw_t ".esmtp_queue";
type_transition logwatch_mail_t user_home_dir_t : dir mail_home_rw_t "Maildir";
You could do something similar by adding:
policy_module(mylogwatch, 1.0)
gen_require(`
    type logwatch_mail_t;
')
mta_filetrans_admin_home_content(logwatch_mail_t)
Dan, you are way beyond me here. I need pretty clear cookbooks. Changing a line in a .conf is one thing, what are you telling me to do here? Just cut and paste from policy... to mta... into a rooted terminal session?
Create a file mylogwatch.te with the following content.
policy_module(mylogwatch, 1.0)
gen_require(`
    type logwatch_mail_t;
')
mta_filetrans_admin_home_content(logwatch_mail_t)
Now execute this command to compile the policy and load it into the kernel
# make -f /usr/share/selinux/devel/Makefile
# make -f /usr/share/selinux/devel/Makefile
make: /usr/share/selinux/devel/Makefile: No such file or directory
make: *** No rule to make target `/usr/share/selinux/devel/Makefile'. Stop.
So what do I need to install? This is the base Gnome x86_64 with only Admin tools added. Oh, and svn and git, as I need them for joint Internet Draft writing...
# semodule -i mylogwatch.pp
Now you should be allowed to run logwatch_mail_t in enforcing mode.
yum install selinux-policy-devel
On Tue, 07 Jan 2014 11:44:14 -0500 Robert Moskowitz rgm@htt-consult.com wrote:
/usr/share/selinux/devel/Makefile
yum whatprovides /usr/share/selinux/devel/Makefile
<snipped>
yum install selinux-policy-devel
___ Regards, Frank www.frankly3d.com
On 01/07/2014 11:53 AM, Frank Murphy wrote:
On Tue, 07 Jan 2014 11:44:14 -0500 Robert Moskowitz rgm@htt-consult.com wrote:
/usr/share/selinux/devel/Makefile
yum whatprovides /usr/share/selinux/devel/Makefile
<snipped>
yum install selinux-policy-devel
Ahhh. I was thinking of whatprovides, but did not click on providing the whole path as such. Will note for any future need (hah!).
I am seeing the following errors via "journalctl |grep logwatch":
Jan 22 03:37:14 lx120e.htt-consult.com setroubleshoot[11102]: dbus avc(node=lx120e.htt-consult.com type=AVC msg=audit(1390390627.456:1007): avc: denied { execute } for pid=11100 comm="logwatch" name="procmail" dev="sda3" ino=1187050 scontext=system_u:system_r:logwatch_t:s0-s0:c0.c1023 tcontext=system_u:object_r:procmail_exec_t:s0 tclass=file node=lx120e.htt-consult.com type=SYSCALL msg=audit(1390390627.456:1007): arch=c000003e syscall=59 success=no exit=-13 a0=d13ad0 a1=d13a50 a2=d137c0 a3=8 items=0 ppid=11013 pid=11100 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=16 tty=(none) comm="logwatch" exe="/usr/bin/perl" subj=system_u:system_r:logwatch_t:s0-s0:c0.c1023 key=(null)
Jan 22 03:37:14 lx120e.htt-consult.com setroubleshoot[11102]: AuditRecordReceiver.add_record_to_cache(): node=lx120e.htt-consult.com type=AVC msg=audit(1390390627.456:1007): avc: denied { execute } for pid=11100 comm="logwatch" name="procmail" dev="sda3" ino=1187050 scontext=system_u:system_r:logwatch_t:s0-s0:c0.c1023 tcontext=system_u:object_r:procmail_exec_t:s0 tclass=file
Jan 22 03:37:14 lx120e.htt-consult.com setroubleshoot[11102]: AuditRecordReceiver.add_record_to_cache(): node=lx120e.htt-consult.com type=SYSCALL msg=audit(1390390627.456:1007): arch=c000003e syscall=59 success=no exit=-13 a0=d13ad0 a1=d13a50 a2=d137c0 a3=8 items=0 ppid=11013 pid=11100 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=16 tty=(none) comm="logwatch" exe="/usr/bin/perl" subj=system_u:system_r:logwatch_t:s0-s0:c0.c1023 key=(null)
Jan 22 03:37:14 lx120e.htt-consult.com setroubleshoot[11102]: analyze_avc() avc=scontext=system_u:system_r:logwatch_t:s0-s0:c0.c1023 tcontext=system_u:object_r:procmail_exec_t:s0 access=['execute'] tclass=file tpath=procmail
I had performed the following selinux policy:
On 01/06/2014 08:14 AM, Daniel J Walsh wrote:
Create a file mylogwatch.te with the following content.
policy_module(mylogwatch, 1.0)
gen_require(`
    type logwatch_mail_t;
')
mta_filetrans_admin_home_content(logwatch_mail_t)
Now execute this command to compile the policy and load it into the kernel
# make -f /usr/share/selinux/devel/Makefile
# semodule -i mylogwatch.pp
Now you should be allowed to run logwatch_mail_t in enforcing mode.
What do these messages mean?
On 01/22/2014 11:07 PM, Robert Moskowitz wrote:
I am seeing the following errors via "journalctl |grep logwatch":
What do these messages mean?
They mean that logwatch is not allowed to execute the procmail program.
You could add policy for it.
procmail_domtrans(logwatch_t)
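The two denials discussed in this thread, read programmatically: an added example, not something posted by the thread's participants. The function names are hypothetical, and the sample lines are taken from the journal output above with the host prefix, the pid/dev/ino fields and the SYSCALL records trimmed. The raw allow rule it builds is only a way to read what was denied; the fixes given in the thread use policy interfaces instead.

```python
import re

# Denials taken from the thread's journal output. The host prefix, the pid/dev/ino
# fields and the SYSCALL records are trimmed; setroubleshoot repeats each AVC.
SAMPLE = [
    'type=AVC msg=audit(1388651532.024:734): avc: denied { write } for comm="mailx" '
    'name="root" scontext=system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023 '
    'tcontext=system_u:object_r:admin_home_t:s0 tclass=dir',
    'type=AVC msg=audit(1388651532.24:734): avc: denied { write } for comm="mailx" '
    'name="root" scontext=system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023 '
    'tcontext=system_u:object_r:admin_home_t:s0 tclass=dir',
    'type=AVC msg=audit(1390390627.456:1007): avc: denied { execute } for '
    'comm="logwatch" name="procmail" scontext=system_u:system_r:logwatch_t:s0-s0:c0.c1023 '
    'tcontext=system_u:object_r:procmail_exec_t:s0 tclass=file',
    "analyze_avc() avc=scontext=system_u:system_r:logwatch_t:s0-s0:c0.c1023 "
    "tcontext=system_u:object_r:procmail_exec_t:s0 access=['execute'] tclass=file "
    "tpath=procmail",
]

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*?)\s*'
    r'scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\w+)')

def parse_avc(line):
    """Return the denial in one journal line as a dict, or None if it has none."""
    m = AVC_RE.search(line)
    if not m:
        return None  # e.g. the analyze_avc() summary line, which has no "avc: denied"
    fields = dict(re.findall(r'(\w+)="?([^"\s]+)"?', m['fields']))
    # An SELinux context is user:role:type:level; policy rules are written on the type.
    return {'source': m['scon'].split(':')[2], 'target': m['tcon'].split(':')[2],
            'tclass': m['tclass'], 'perms': tuple(m['perms'].split()),
            'comm': fields.get('comm'), 'name': fields.get('name')}

def unique_denials(lines):
    """Parse every line, keeping one entry per (source, target, class, perms)."""
    seen = {}
    for d in filter(None, map(parse_avc, lines)):
        seen.setdefault((d['source'], d['target'], d['tclass'], d['perms']), d)
    return list(seen.values())

def allow_rule(d):
    """Raw type-enforcement rule corresponding to the denied access."""
    return f"allow {d['source']} {d['target']}:{d['tclass']} {{ {' '.join(d['perms'])} }};"

if __name__ == '__main__':
    for d in unique_denials(SAMPLE):
        print(f"{d['comm']} on {d['name']}: {allow_rule(d)}")
```

Deduplicating on the type/class/permission tuple rather than on the audit message id matters here, because setroubleshoot prints the same event once as `1388651532.024:734` and once as `1388651532.24:734`.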
On 01/23/2014 08:38 AM, Daniel J Walsh wrote:
They mean that logwatch is not allowed to execute the procmail program.
You could add policy for it.
Obvious. Hindsight is just great!
procmail_domtrans(logwatch_t)
I am looking at what you gave me before:
#cat mylogwatch.te
policy_module(mylogwatch, 1.0)
gen_require(`
    type logwatch_mail_t;
')
mta_filetrans_admin_home_content(logwatch_mail_t)
--------------------
Would mylogwprocmail.te contain:
policy_module(mylogwprocmail, 1.0)
gen_require(`
    type logwatch_t;
')
procmail_domtrans(logwatch_t)
???????????????????
On 01/23/2014 01:54 PM, Robert Moskowitz wrote:
Would mylogwprocmail.te contain:
policy_module(mylogwprocmail, 1.0)
gen_require(`
    type logwatch_t;
')
procmail_domtrans(logwatch_t)
???????????????????
Yes basically.
On 01/23/2014 01:55 PM, Daniel J Walsh wrote:
Yes basically.
Did it, now to wait until the next logwatch run.
On Thu, 23 Jan 2014 14:17:25 -0500 Robert Moskowitz rgm@htt-consult.com wrote:
Did it, now to wait until the next logwatch run.
You can force it to run by either running "sh /etc/cron.daily/0logwatch" or run-parts /etc/cron.daily (re-runs all the daily jobs in that dir)
___ Regards, Frank www.frankly3d.com