
Fully disable SELinux

First, edit /etc/selinux/config

```
SELINUX=disabled
```

Also tried adding `selinux=0` to grub.conf

```
kernel /vmlinuz-2.6.32-642.3.1.el6.x86_64 ro root=/dev/mapper/vg-lv_root rd_NO_LUKS  KEYBOARDTYPE=pc KEYTABLE=es rd_NO_MD SYSFONT=latarcyrheb-sun16 crashkernel=auto LANG=es_ES.UTF-8 rd_LVM_LV=vg/lv_swap rd_NO_DM rd_LVM_LV=vg/lv_root selinux=0 rhgb quiet
    initrd /initramfs-2.6.32-642.3.1.el6.x86_64.img
```

Reboot the machine and verify

```
root@srv107 [~]# sestatus
SELinux status:                 disabled
```

Oops

The problem persists. Several services that use ports 24, 10050, 10051 get an error when accessed from other hosts:

```
#telnet srv107.XXXXXXX.net 10051
Trying 5.XXX.XX.101...
telnet: connect to address 5.XXX.XX.101: No route to host
```

And on the host I see SELinux logging in action

```
type=USER_START msg=audit(1470384283.115:17): user pid=2348 uid=0 auid=0 ses=1 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=213.XXX.XX.35 addr=213.XXX.XX.35 terminal=/dev/pts/0 res=success'
type=CRYPTO_KEY_USER msg=audit(1470384283.116:18): user pid=2348 uid=0 auid=0 ses=1 msg='op=destroy kind=server fp=59:ff:74:ff:7f:4b:a8:5b:60:20:60:c7:a5:4b:c8:ae direction=? spid=2348 suid=0  exe="/usr/sbin/sshd" hostname=? addr=213.XXX.XX.35 terminal=pts/0 res=success'
type=CRYPTO_KEY_USER msg=audit(1470384283.116:19): user pid=2348 uid=0 auid=0 ses=1 msg='op=destroy kind=server fp=7b:0d:45:79:16:08:c4:3f:30:0f:3d:76:86:07:48:c5 direction=? spid=2348 suid=0  exe="/usr/sbin/sshd" hostname=? addr=213.XXX.XX.35 terminal=pts/0 res=success'
type=CRED_REFR msg=audit(1470384283.116:20): user pid=2348 uid=0 auid=0 ses=1 msg='op=PAM:setcred acct="root" exe="/usr/sbin/sshd" hostname=213.XXX.XX.35 addr=213.XXX.XX.35 terminal=ssh res=success'
type=USER_ACCT msg=audit(1470384301.929:21): user pid=2413 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=CRED_ACQ msg=audit(1470384301.929:22): user pid=2413 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=LOGIN msg=audit(1470384301.929:23): pid=2413 uid=0 old auid=4294967295 new auid=0 old ses=4294967295 new ses=2
type=USER_START msg=audit(1470384301.935:24): user pid=2413 uid=0 auid=0 ses=2 msg='op=PAM:session_open acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=CRED_DISP msg=audit(1470384305.615:25): user pid=2413 uid=0 auid=0 ses=2 msg='op=PAM:setcred acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=USER_END msg=audit(1470384305.615:26): user pid=2413 uid=0 auid=0 ses=2 msg='op=PAM:session_close acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
```
abkrim

1 Answer


From your audit log, there is nothing for the operation you have performed. The audit log shows the SSH connection and the cron operation but you are trying to connect with telnet.

First, you have to check if you have opened ports, for example the port 10051:

```
netstat -an
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:10051           0.0.0.0:*               LISTEN
```

Then you have to check whether you have been blocked by the firewall:

```
firewall-cmd --list-all
```

If you cannot find the ports listed in the firewall output, you have to add a new rule with:

```
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" port port=10051 protocol="tcp" accept'
```

For a permanent rule, you have to reload the firewall service to apply the new settings:

```
firewall-cmd --reload
```
Simon MC. Cheng
  • Of course, all ports are open. The server works fine with these ports after a CentOS upgrade. Of course, ports are open, and if you read, you will see the message `No route to host` `netstat -an |grep 10050 tcp 0 0 0.0.0.0:10050 0.0.0.0:* LISTEN` and not all sysadmins use the system firewall, and not all firewalls work by opening ports. (Also, you can open all ports for a special host or IP.) ;-) – abkrim Aug 05 '16 at 10:30
  • You have the port 10050 opened but you are connecting to port 10051 with the telnet command - telnet srv107.XXXXXXX.net 10051, is that a typo? – Simon MC. Cheng Aug 05 '16 at 10:33
  • Thanks a lot... I disabled my own firewall yesterday, and the original firewall of CentOS 6 blocks these ports. Your tip showed me the problem. I re-enabled my firewall and now it works fine – abkrim Aug 05 '16 at 10:36
  • `telnet srv107.tamainut.net 10050 Trying 5.135.93.101... Connected to srv107.XXXXX.net.` – abkrim Aug 05 '16 at 10:37
  • Good to know you have fixed the problem =] – Simon MC. Cheng Aug 05 '16 at 10:39
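
Added example, not part of the original question or answer: a simplified first-match walk of the `INPUT` chain in `iptables-save` format, showing why a remote client sees `No route to host` rather than `Connection refused` when the stock CentOS 6 firewall rejects a port (a `REJECT --reject-with icmp-host-prohibited` rule is reported by the client as "No route to host"). The ruleset in `sample_rules` is constructed, modelled on a stock CentOS 6 `/etc/sysconfig/iptables` plus one rule for port 10050; `sample_rules` and `input_verdict` are hypothetical names, and the walk ignores negation and user-defined chains.

```shell
# sample_rules: constructed ruleset (not taken from the poster's server).
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 10050 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# input_verdict PORT (rules on stdin): prints ACCEPT, DROP or "REJECT <type>"
# for a NEW inbound TCP connection to PORT from an arbitrary remote host.
input_verdict() {
    awk -v port="$1" '
    $1 == ":INPUT" { policy = $2; next }        # chain policy line
    $1 != "-A" || $2 != "INPUT" { next }        # only INPUT rules matter here
    {
        proto = ""; dports = ""; target = ""; with = ""; skip = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-p") proto = $(i+1)
            else if ($i == "--dport" || $i == "--dports") dports = $(i+1)
            else if ($i == "-j") target = $(i+1)
            else if ($i == "--reject-with") with = $(i+1)
            # Assumption: loopback-only, address-specific and non-NEW state
            # rules cannot match a fresh connection from an arbitrary host.
            else if ($i == "-i" && $(i+1) == "lo") skip = 1
            else if ($i == "-s" || $i == "-d") skip = 1
            else if (($i == "--state" || $i == "--ctstate") && $(i+1) !~ /NEW/) skip = 1
        }
        if (skip) next
        if (proto != "" && proto != "tcp" && proto != "all") next
        if (dports != "" && !port_in(dports)) next
        if (target != "ACCEPT" && target != "DROP" && target != "REJECT") next
        if (with != "") target = target " " with
        print target; found = 1; exit           # first terminal match wins
    }
    END { if (!found) print policy }            # nothing matched: chain policy
    function port_in(list,   n, parts, r, k) {  # handles "a", "a:b" and "a,b:c"
        n = split(list, parts, ",")
        for (k = 1; k <= n; k++) {
            if (split(parts[k], r, ":") == 2) { if (port+0 >= r[1]+0 && port+0 <= r[2]+0) return 1 }
            else if (parts[k]+0 == port+0) return 1
        }
        return 0
    }'
}

for p in 10050 10051; do echo "$p: $(sample_rules | input_verdict "$p")"; done
```

On a live CentOS 6 host the same function can be fed with `iptables-save | input_verdict 10051` (run as root).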