Trying to use mailx for logwatch

Robert Moskowitz rgm at htt-consult.com
Tue Jan 7 16:44:14 UTC 2014


Getting closer.  I am running a new install.  So a fresh start on this...

On 01/06/2014 11:14 AM, Daniel J Walsh wrote:
>
> On 01/03/2014 12:25 PM, Robert Moskowitz wrote:
>> On 01/03/2014 12:03 PM, Daniel J Walsh wrote:
>>>
>>> On 01/03/2014 11:34 AM, Robert Moskowitz wrote:
>>>> On 01/03/2014 11:21 AM, Daniel J Walsh wrote:
>>>>>
>>>>> On 01/02/2014 05:29 PM, Robert Moskowitz wrote:
>>>>>> And the mail is failing.  Here is what I have done:
>>>>>>
>>>>>> I determined that in:
>>>>>> /usr/share/logwatch/default.conf/logwatch.conf
>>>>>> mailer = "/usr/sbin/sendmail -t"
>>>>>>
>>>>>> so in: /etc/logwatch/conf/logwatch.conf
>>>>>> mailer = "/usr/bin/mailx -t"
>>>>>>
>>>>>> In /etc/aliases I have:
>>>>>>
>>>>>> # Person who should get root's mail
>>>>>> root:        rgm
>>>>>>
>>>>>> and I ran newaliases
>>>>>>
>>>>>> 'journalctl |grep -i logwatch' shows the following (along with
>>>>>> other lines):
>>>>>>
>>>>>> Jan 02 03:32:01 lx120e.htt-consult.com run-parts[16112]: (/etc/cron.daily) starting 0logwatch
>>>>>> Jan 02 03:32:12 lx120e.htt-consult.com run-parts[16429]: (/etc/cron.daily) finished 0logwatch
>>>>>> Jan 02 03:32:16 lx120e.htt-consult.com setroubleshoot[16427]: dbus avc(node=lx120e.htt-consult.com type=AVC msg=audit(1388651532.024:734): avc: denied  { write } for pid=16425 comm="mailx" name="root" dev="dm-0" ino=1308161 scontext=system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023 tcontext=system_u:object_r:admin_home_t:s0 tclass=dir node=lx120e.htt-consult.com type=SYSCALL msg=audit(1388651532.024:734): arch=40000003 syscall=5 success=no exit=-13 a0=9b15128 a1=8441 a2=1b6 a3=809134c items=0 ppid=1 pid=16425 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=15 tty=(none) comm="mailx" exe="/usr/bin/mailx" subj=system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023 key=(null)
>>>>>> Jan 02 03:32:16 lx120e.htt-consult.com setroubleshoot[16427]: AuditRecordReceiver.add_record_to_cache(): node=lx120e.htt-consult.com type=AVC msg=audit(1388651532.24:734): avc:  denied  { write } for pid=16425 comm="mailx" name="root" dev="dm-0" ino=1308161 scontext=system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023 tcontext=system_u:object_r:admin_home_t:s0 tclass=dir
>>>>>> Jan 02 03:32:16 lx120e.htt-consult.com setroubleshoot[16427]: AuditRecordReceiver.add_record_to_cache(): node=lx120e.htt-consult.com type=SYSCALL msg=audit(1388651532.24:734): arch=40000003 syscall=5 success=no exit=-13 a0=9b15128 a1=8441 a2=1b6 a3=809134c items=0 ppid=1 pid=16425 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=15 tty=(none) comm="mailx" exe="/usr/bin/mailx" subj=system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023 key=(null)
>>>>>> Jan 02 03:32:16 lx120e.htt-consult.com setroubleshoot[16427]: analyze_avc() avc=scontext=system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023 tcontext=system_u:object_r:admin_home_t:s0 access=['write'] tclass=dir tpath=/root
>>>>>>
>>>>>> oh, here are the mail files:
>>>>>>
>>>>>> # ls -ls /var/spool/mail/
>>>>>> total 8
>>>>>> 0 -rw-rw----. 1 rgm  mail    0 Jan 2 16:47 rgm
>>>>>> 8 -rw-------. 1 root mail 5886 Dec 31 12:27 root
>>>>>> 0 -rw-rw----. 1 rpc  mail    0 Dec 25 13:27 rpc
>>>>>>
>>>>>> The content in root mail is from when I had postfix installed.  I
>>>>>> have since deleted it to work on getting mailx to work instead.
>>>>>>
>>>>>> =================================
>>>>>>
>>>>>>
>>>>>> perhaps /var/spool/mail/root needs 660 permissions?
>>>>>>
>>>>>>
>>>>> Do you know what mailx is trying to write into the /root directory?
>>>> The output of logwatch.  I edited /etc/logwatch/conf/logwatch.conf
>>>>
>>>> with the line:
>>>>
>>>> mailer = "/usr/bin/mailx -t"
>>>>
>>>> To override /usr/share/logwatch/default.conf/logwatch.conf
>>>>
>>>> mailer = "/usr/sbin/sendmail -t"
>>>>
>>>>
>>> Ok I just added a patch to git to allow logwatch_mail_t to write to the
>>> /root directory certain files.
>>>
>>> sesearch -T -s logwatch_mail_t | grep mail_home_rw_t
>>> type_transition logwatch_mail_t admin_home_t : dir mail_home_rw_t ".maildir";
>>> type_transition logwatch_mail_t user_home_dir_t : dir mail_home_rw_t ".maildir";
>>> type_transition logwatch_mail_t admin_home_t : file mail_home_rw_t ".esmtp_queue";
>>> type_transition logwatch_mail_t admin_home_t : dir mail_home_rw_t "Maildir";
>>> type_transition logwatch_mail_t user_home_dir_t : file mail_home_rw_t ".esmtp_queue";
>>> type_transition logwatch_mail_t user_home_dir_t : dir mail_home_rw_t "Maildir";
>>>
>>> You could do something similar by adding:
>>>
>>> policy_module(mylogwatch, 1.0)
>>> gen_require(`
>>>      type logwatch_mail_t;
>>> ')
>>>
>>> mta_filetrans_admin_home_content(logwatch_mail_t)
>> Dan, you are way beyond me here.  I need pretty clear cookbooks. Changing a
>> line in a .conf is one thing, what are you telling me to do here?  Just cut
>> and paste from policy... to mta... into a rooted terminal session?
>>
>>
>
> Create a file mylogwatch.te with the following content.
>
> policy_module(mylogwatch, 1.0)
> gen_require(`
>      type logwatch_mail_t;
> ')
>
> mta_filetrans_admin_home_content(logwatch_mail_t)
>
> Now execute this command to compile the policy and load it into the kernel
>
> # make -f /usr/share/selinux/devel/Makefile

# make -f /usr/share/selinux/devel/Makefile
make: /usr/share/selinux/devel/Makefile: No such file or directory
make: *** No rule to make target `/usr/share/selinux/devel/Makefile'.  Stop.

So what do I need to install?  This is the base Gnome x86_64 with only 
Admin tools added.  Oh and svn and git, as I need them for joint 
Internet Draft writing...
> # semodule -i mylogwatch.pp
>
> Now you should be allowed to run logwatch_mail_t in enforcing mode.
>
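
An added example, not part of the original message: a small parser for the AVC denial quoted in this thread, which pulls out the source type, target type, class and permission and collapses the copies that setroubleshoot logged for the same audit event. The sample lines are constructed from the record above; the function names are hypothetical.

```python
import re

# Constructed sample: the AVC record from the thread, once as the kernel
# logged it and once as setroubleshoot re-logged it (".024" vs ".24").
SAMPLE = '''\
type=AVC msg=audit(1388651532.024:734): avc: denied  { write } for pid=16425 comm="mailx" name="root" dev="dm-0" ino=1308161 scontext=system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023 tcontext=system_u:object_r:admin_home_t:s0 tclass=dir
type=AVC msg=audit(1388651532.24:734): avc:  denied  { write } for pid=16425 comm="mailx" name="root" dev="dm-0" ino=1308161 scontext=system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023 tcontext=system_u:object_r:admin_home_t:s0 tclass=dir
'''

AVC_RE = re.compile(
    r'msg=audit\((?P<sec>\d+)\.(?P<msec>\d+):(?P<serial>\d+)\):\s*'
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_denials(text):
    """Return one dict per distinct denied event found in text."""
    events = {}
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue
        # Assumption: seconds plus serial identify the event; the
        # millisecond part is printed inconsistently in the thread's log.
        key = (int(m['sec']), int(m['serial']))
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m['fields'])}
        events[key] = {
            'comm': fields.get('comm'),
            'name': fields.get('name'),
            # A context is user:role:type:level; the type is field 3.
            'source': fields['scontext'].split(':')[2],
            'target': fields['tcontext'].split(':')[2],
            'tclass': fields['tclass'],
            'perms': m['perms'].split(),
        }
    return list(events.values())


def summarize(event):
    """One-line description of a parsed denial."""
    return '{comm} ({source}) denied {perms} on {tclass} "{name}" ({target})'.format(
        **{**event, 'perms': ','.join(event['perms'])})


if __name__ == '__main__':
    for ev in parse_denials(SAMPLE):
        print(summarize(ev))
```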


