SELinux security alert/Squid -
Bob Goodwin
bobgoodwin at wildblue.net
Mon Feb 8 09:20:43 UTC 2010
Yesterday I began getting an "SELinux security alert" and Firefox began
to operate erratically [became useless].
I did "setsebool -P squid_connect_any=1" per the alert and Firefox began
to work again, however now this morning I am getting a similar notice
although it appears to be making an exception.
Do I need to take some further action to satisfy SELinux or will I
continue to get this notice until some future update?
Bob
Summary:
SELinux is preventing the squid daemon from connecting to
network port 8180
Detailed Description:
[squid has a permissive type (squid_t). This access was not denied.]
SELinux has denied the squid daemon from connecting to 8180. By default squid
policy is set up to deny squid connections. If you did not set up squid for network
connections, this could signal an intrusion attempt.
Allowing Access:
If you want squid to connect to network ports you need to turn on the
squid_connect_any boolean: "setsebool -P squid_connect_any=1"
Fix Command:
setsebool -P squid_connect_any=1
Additional Information:
Source Context system_u:system_r:squid_t:s0
Target Context system_u:object_r:port_t:s0
Target Objects None [ tcp_socket ]
Source squid
Source Path /usr/sbin/squid
Port 8180
Host box6
Source RPM Packages squid-3.1.0.15-2.fc12
Target RPM Packages
Policy RPM selinux-policy-3.6.32-78.fc12
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Plugin Name squid_connect_any
Host Name box6
Platform Linux box6 2.6.31.12-174.2.3.fc12.x86_64 #1 SMP Mon Jan 18 19:52:07 UTC 2010 x86_64 x86_64
Alert Count 33
First Seen Sun 07 Feb 2010 04:50:46 PM EST
Last Seen Sun 07 Feb 2010 05:08:58 PM EST
Local ID 87daf7bf-ecdf-4025-9780-520ef4d433f5
Line Numbers
Raw Audit Messages
node=box6 type=AVC msg=audit(1265580538.758:20027): avc: denied { name_connect } for pid=1504 comm="squid" dest=8180 scontext=system_u:system_r:squid_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
node=box6 type=SYSCALL msg=audit(1265580538.758:20027): arch=c000003e syscall=42 success=yes exit=4294967424 a0=e a1=7fd5727bb730 a2=1c a3=1c items=0 ppid=1502 pid=1504 auid=4294967295 uid=0 gid=23 euid=23 suid=0 fsuid=23 egid=23 sgid=23 fsgid=23 tty=(none) ses=4294967295 comm="squid" exe="/usr/sbin/squid" subj=system_u:system_r:squid_t:s0 key=(null)
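The alert above offers squid_connect_any as the fix, but that boolean lets squid_t name_connect to every TCP port, which is far wider than the single port 8180 the AVC names. The script below is an added example (it is not part of the post, of setroubleshoot, or of the squid policy): it parses a raw AVC record like the one above and prints the narrowest fix, and it also generalises past the post's case to a port that already carries another service's label. It only prints commands; it never runs semanage or setsebool. It assumes, as the targeted squid policy on that era's Fedora did, that squid_t may already connect to ports labelled http_port_t and http_cache_port_t; confirm that with `sesearch -A -s squid_t -t http_cache_port_t -c tcp_socket -p name_connect` before relying on it. The two audit records embedded in the script are constructed from the ones in the post.

```shell
#!/bin/sh
# Added example, not from the original post or from setroubleshoot:
# triage a raw SELinux AVC record and print the narrowest fix for a
# squid_t name_connect denial instead of reaching for squid_connect_any
# (which allows squid_t to connect to every TCP port).
#
# Assumption (not stated on the page): squid policy already allows
# squid_t -> http_port_t / http_cache_port_t name_connect, so labelling an
# unreserved port as http_cache_port_t is enough when it is a parent or
# peer cache. Verify with:
#   sesearch -A -s squid_t -t http_cache_port_t -c tcp_socket -p name_connect

# Constructed records, modelled on the raw audit messages in the post.
AVC_SAMPLE='node=box6 type=AVC msg=audit(1265580538.758:20027): avc:  denied  { name_connect } for  pid=1504 comm="squid" dest=8180 scontext=system_u:system_r:squid_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket'
SYSCALL_SAMPLE='node=box6 type=SYSCALL msg=audit(1265580538.758:20027): arch=c000003e syscall=42 success=yes exit=4294967424 a0=e comm="squid" exe="/usr/sbin/squid" subj=system_u:system_r:squid_t:s0 key=(null)'

# avc_field RECORD KEY -> value of KEY=value in RECORD, quotes stripped.
avc_field() {
    printf '%s\n' "$1" | sed -n "s/.*[[:space:]]$2=\([^[:space:]]*\).*/\1/p" | tr -d '"'
}

# avc_perm RECORD -> the permission named inside "{ ... }".
avc_perm() {
    printf '%s\n' "$1" | sed -n 's/.*{ *\([^} ]*\) *}.*/\1/p'
}

# ctx_type CONTEXT -> the type field of user:role:type:level.
ctx_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# squid_fix AVC_RECORD -> prints one fix command; returns 1 if the record
# is not a squid_t tcp name_connect denial.
squid_fix() {
    rec=$1
    stype=$(ctx_type "$(avc_field "$rec" scontext)")
    ttype=$(ctx_type "$(avc_field "$rec" tcontext)")
    perm=$(avc_perm "$rec")
    tclass=$(avc_field "$rec" tclass)
    port=$(avc_field "$rec" dest)
    [ "$stype" = squid_t ] && [ "$perm" = name_connect ] && \
        [ "$tclass" = tcp_socket ] && [ -n "$port" ] || return 1
    case $ttype in
        port_t)
            # Unreserved port (the post's case): give it a label squid_t
            # may already connect to, rather than opening every port.
            printf 'semanage port -a -t http_cache_port_t -p tcp %s\n' "$port" ;;
        http_port_t|http_cache_port_t)
            # Policy should already allow this; a denial here means the
            # local policy lacks the rule, not that a boolean is missing.
            printf 'sesearch -A -s squid_t -t %s -c tcp_socket -p name_connect\n' "$ttype" ;;
        *)
            # Port already owned by another service's label: relabelling
            # it would change that service's policy too, so the boolean
            # is the remaining stock option.
            printf 'setsebool -P squid_connect_any=1\n' ;;
    esac
}

# access_went_through SYSCALL_RECORD -> exit 0 when the kernel let the
# call succeed anyway, i.e. the domain is permissive, which is what the
# alert's "This access was not denied" note means.
access_went_through() {
    [ "$(avc_field "$1" success)" = yes ]
}

squid_fix "$AVC_SAMPLE"
if access_went_through "$SYSCALL_SAMPLE"; then
    echo "note: connect() succeeded, so squid_t is currently permissive"
fi
```

Feed it a real record with `ausearch -m avc -c squid` and compare the printed command with setroubleshoot's; if squid genuinely has to reach arbitrary origin ports (a forward proxy for browsers, as in the post), squid_connect_any is the honest answer, and the script's port-label suggestion only applies when 8180 is a fixed parent or peer.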