snmpd proc monitoring problem

Carlos Pastorino carlos.pastorino at gmail.com
Sat Apr 30 00:54:55 UTC 2005


On 4/29/05, Daniel J Walsh <dwalsh at redhat.com> wrote:
> Carlos Pastorino wrote:
> 
> >Hello,
> >
> >I've inserted the following line on my /etc/snmpd.conf file:
> >
> >    proc sshd
> >
> >Then I executed the following command:
> >
> >snmpwalk -On -v2c -c public localhost .1.3.6.1.4.1.2021.2.1
> >
> >and got the answer:
> >
> >.1.3.6.1.4.1.2021.2.1.1.1 = INTEGER: 1
> >.1.3.6.1.4.1.2021.2.1.2.1 = STRING: sshd
> >.1.3.6.1.4.1.2021.2.1.3.1 = INTEGER: 0
> >.1.3.6.1.4.1.2021.2.1.4.1 = INTEGER: 0
> >.1.3.6.1.4.1.2021.2.1.5.1 = INTEGER: 0
> >.1.3.6.1.4.1.2021.2.1.100.1 = INTEGER: 1
> >.1.3.6.1.4.1.2021.2.1.101.1 = STRING: No sshd process running.
> >.1.3.6.1.4.1.2021.2.1.102.1 = INTEGER: 0
> >.1.3.6.1.4.1.2021.2.1.103.1 = STRING:
> >
> >But, if I execute the command below:
> >
> >setenforce 0
> >
> >I get the correct answer:
> >
> >.1.3.6.1.4.1.2021.2.1.1.1 = INTEGER: 1
> >.1.3.6.1.4.1.2021.2.1.2.1 = STRING: sshd
> >.1.3.6.1.4.1.2021.2.1.3.1 = INTEGER: 0
> >.1.3.6.1.4.1.2021.2.1.4.1 = INTEGER: 0
> >.1.3.6.1.4.1.2021.2.1.5.1 = INTEGER: 2
> >.1.3.6.1.4.1.2021.2.1.100.1 = INTEGER: 0
> >.1.3.6.1.4.1.2021.2.1.101.1 = STRING:
> >.1.3.6.1.4.1.2021.2.1.102.1 = INTEGER: 0
> >.1.3.6.1.4.1.2021.2.1.103.1 = STRING:
> >
> >The problem is, nothing shows up on /var/log/messages to allow me to
> >figure out how to tweak the
> >/etc/selinux/targeted/src/policy/domains/program/snmpd.te file.
> >
> >Any hints?
> >
> >Regards,
> >
> >Carlos
> >
> >--
> >fedora-selinux-list mailing list
> >fedora-selinux-list at redhat.com
> >http://www.redhat.com/mailman/listinfo/fedora-selinux-list
> >
> >
> You are being bitten by a dontaudit rule.  To disable dont audits
> cd /etc/selinux/targeted/src/policy
> 
> make enableaudit
> make load
> 
> The culprit line is the following.
> 
> dontaudit snmpd_t domain:dir { getattr search };
> 
> If you change this to allow you will get further.
> 
> --

Hi Daniel,

On the snmpd.te file, I've changed the line above to:

allow snmpd_t domain:dir { getattr search };

Then I executed "make load", and got the error:

assertion on line 21719 violated by allow snmpd_t unconfined_t:dir {
getattr search };
make: *** [/etc/selinux/targeted/policy/policy.18] Error 1

Now I'm stuck again :) mainly because I don't know if it's a good idea
to change the rule on line 21719, namely:

# Confined domains must never see unconfined domain's /proc/pid entries.
neverallow { domain -unrestricted } unconfined_t:dir { getattr search };

Any advice?

Many thanks,

Carlos
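The diagnostic pattern in this thread (snmpd reports "No sshd process running" while the daemon is visibly up, with nothing in the audit log because the denial is dontaudit'ed) can be reproduced outside snmpd. The block below is an added example, not code from the thread, from net-snmp or from the SELinux reference policy. It parses the prTable walk quoted above (column numbers 1-5 and 100-103 are the UCD-SNMP-MIB prTable columns), rescans /proc the way a process monitor would while counting refused /proc/<pid> traversals separately from absent processes, and compares its own count with snmpd's. When the process is visible to the caller but not to snmpd, the difference is access control, which under enforcing mode means a denial worth unhiding with `make enableaudit` (or `semodule -DB` on modular-policy systems). The helper names, the `build_fake_proc` test fixture and the selinuxfs paths tried are this example's own assumptions.

```python
"""Diagnose a UCD-SNMP prTable "No <name> process running" result.

Added example for the thread above; not net-snmp or SELinux policy code.
"""
import os
import re
import tempfile

PR_TABLE = ".1.3.6.1.4.1.2021.2.1"
# Column numbers of the UCD-SNMP-MIB prTable as they appear in the walk.
PR_COLUMNS = {1: "prIndex", 2: "prNames", 3: "prMin", 4: "prMax", 5: "prCount",
              100: "prErrorFlag", 101: "prErrMessage", 102: "prErrFix",
              103: "prErrFixCmd"}
LINE_RE = re.compile(r"^(\.[\d.]+)\s*=\s*(INTEGER|STRING):\s*(.*)$")

# Constructed sample: the enforcing-mode walk output quoted in the thread.
WALK_ENFORCING = """\
.1.3.6.1.4.1.2021.2.1.1.1 = INTEGER: 1
.1.3.6.1.4.1.2021.2.1.2.1 = STRING: sshd
.1.3.6.1.4.1.2021.2.1.3.1 = INTEGER: 0
.1.3.6.1.4.1.2021.2.1.4.1 = INTEGER: 0
.1.3.6.1.4.1.2021.2.1.5.1 = INTEGER: 0
.1.3.6.1.4.1.2021.2.1.100.1 = INTEGER: 1
.1.3.6.1.4.1.2021.2.1.101.1 = STRING: No sshd process running.
.1.3.6.1.4.1.2021.2.1.102.1 = INTEGER: 0
.1.3.6.1.4.1.2021.2.1.103.1 = STRING:
"""


def parse_prtable(text):
    """Return {index: {column_name: value}} for every prTable row in the walk."""
    rows = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or not m.group(1).startswith(PR_TABLE + "."):
            continue
        oid, kind, value = m.groups()
        col, idx = oid[len(PR_TABLE) + 1:].split(".", 1)
        name = PR_COLUMNS.get(int(col), "col" + col)
        rows.setdefault(int(idx), {})[name] = (
            int(value) if kind == "INTEGER" else value.strip())
    return rows


def scan_proc(name, proc_root="/proc"):
    """Count processes whose status Name matches `name` under proc_root.

    A refused traversal of /proc/<pid> (EACCES) is counted separately: that is
    what a dir getattr/search denial on another domain's /proc entry looks like
    to the caller, and it must not be reported as "not running".
    """
    matched = denied = 0
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "status")) as f:
                first = f.readline()          # e.g. "Name:\tsshd"
        except PermissionError:
            denied += 1
            continue
        except (FileNotFoundError, ProcessLookupError):
            continue                          # process exited meanwhile
        parts = first.split(None, 1)
        if len(parts) == 2 and parts[0] == "Name:" and parts[1].strip() == name:
            matched += 1
    return matched, denied


def selinux_enforcing(paths=("/sys/fs/selinux/enforce", "/selinux/enforce")):
    """True/False from the selinuxfs flag, None when selinuxfs is not mounted."""
    for path in paths:                        # assumed mount points, new and old
        try:
            with open(path) as f:
                return f.read().strip() == "1"
        except OSError:
            continue
    return None


def classify(row, matched, denied):
    """Verdict for one prTable row given what our own /proc scan found."""
    if row["prErrorFlag"] == 0:
        return "ok"
    if row["prCount"] == 0 and matched > 0:
        return "hidden-from-snmpd"   # we see it, snmpd does not: access control
    if denied > 0:
        return "denied"              # our own traversal of /proc/<pid> refused
    return "down"


def diagnose(walk_text, proc_root="/proc", enforcing=None):
    """Map each monitored process name to a verdict, with the SELinux mode."""
    if enforcing is None:
        enforcing = selinux_enforcing()
    verdicts = {}
    for row in parse_prtable(walk_text).values():
        matched, denied = scan_proc(row["prNames"], proc_root)
        verdicts[row["prNames"]] = classify(row, matched, denied)
    return {"enforcing": enforcing, "verdicts": verdicts}


def build_fake_proc(names):
    """Constructed fixture: a temp dir laid out like /proc, {pid: comm}."""
    root = tempfile.mkdtemp(prefix="fakeproc-")
    for pid, comm in names.items():
        os.makedirs(os.path.join(root, str(pid)))
        with open(os.path.join(root, str(pid), "status"), "w") as f:
            f.write("Name:\t%s\nState:\tS (sleeping)\n" % comm)
    os.makedirs(os.path.join(root, "self"))   # non-numeric entries are skipped
    return root


if __name__ == "__main__":
    print(diagnose(WALK_ENFORCING))           # scans the real /proc
```

Run it as root (or as any unconfined user) on the host that produced the walk: a "hidden-from-snmpd" verdict while `enforcing` is True is the signal to disable dontaudit and look for the denial rather than to tweak snmpd itself.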
