Questions tagged [selinux]

NSA Security-Enhanced Linux (SELinux) is an implementation of a flexible mandatory access control architecture in the Linux operating system.

The SELinux architecture provides general support for the enforcement of many kinds of mandatory access control policies, including those based on the concepts of Type Enforcement®, Role-Based Access Control, and Multi-Level Security. Background information and technical documentation about SELinux can be found at http://www.nsa.gov/selinux.

681 questions
0 votes, 0 answers

is there any way to filter in syslog (not rsyslog) such as programname?

I need to add filter in my syslogs. I know how to do in rsyslogs. But we need to add same logs in syslogs as well in legacy systems. Is there any way to do it? Corresponding rsyslog entries are: :msg, contains, "ABC" /var/log/abc.log :programname,…
sgupta
0 votes, 1 answer

vsftpd error 530 Login incorrect error occurs with valid credentials

Though there are a number of similar existing question/answers that reference vsftpd and error code 530, but they do not seem to be helpful in this case: vsftpd login error: 530 VSFTPD 530 Login incorrect vsftp login errors 530 login incorrect 530…
kbulgrien
0 votes, 1 answer

SELinux blocks tomcat web application to load Java native library (JNI) - how to configure SELinux on Centos 7?

I have a Centos 7 with Tomcat installed and tomcat user ls -l /var/lib/tomcat total 0 drwxrwxrwx. 5 root tomcat 84 Jul 3 13:18 webapps SELinux is enforcing and a Java web application which tries to load Java native library (JNI) from shared…
0 votes, 1 answer

nginx cache dir creation—strange behaviour

I have the following line (plus context) in my nginx.conf: http { proxy_cache_path cache/ keys_zone=auth_cache:10m; ... Since nginx.conf is in /etc/nginx, cache/ corresponds to /etc/nginx/cache. drwxr-xr-x. 5 root root 205 Jun 18…
0 votes, 1 answer

Can’t write to a file owned by the process with correct permissions (may be selinux related)

I've got bind setup on a fresh install of Ubuntu Karmic I am trying to send bind some updates, but it fails with this message appearing in the logs kernel: [254421.299955] type=1503 audit(1260156728.002:104): operation="mknod" pid=1111 parent=1…
aussiegeek
0 votes, 3 answers

SeLinux stops starting of nginx

Rebooted nginx proxy server (centos7+nginx only, apache on another) I got error: DOMAIN systemd[1]: Starting Session 439 of user root. -- Subject: Unit session-439.scope has begun start-up -- Defined-By: systemd -- -- Unit session-439.scope has…
0 votes, 0 answers

How to filter Audit.log based on hostname or addr

I have enabled auditd to collect logs based on some rules and everything is working nicely. I wonder to know is there anyway to filter type of audit (ex USER_LOGIN) based on addr or hostname? For example the below log has addr=192.168.2.59 and do not…
0 votes, 2 answers

Allow SeLinux to specific user can send email

I'm trying to allow user zabbix to send email using ssmtps. I've configured everything except SeLinux. For SeLinux booleans there is no such item available for zabbix like httpd_can_sendmail. PS: I can' send email when disable SeLinux. But I don't…
tsoomo
0 votes, 0 answers

How to pre-install and pre-configure selinux in a kvm/qemu guest image using docker?

I'm working in a company where we need to distribute our image running SE-Linux inside. The product uses virtualization for additional security, thus we have got a setup with a linux host, running several qemu-kvm guests. The kvm guest's OS is…
ElectRocnic
0 votes, 0 answers

SELinux allow process to execute binary

I have the Bacula backup system running and SELinux is interfering. The problem arises when Bacula runs a script that invokes /usr/bin/hostname before one of the backups. 12-Apr 00:05 dir_backup JobId 122: BeforeJob: /usr/local/sbin/sshbacula: line…
0 votes, 1 answer

Does enabling SELinux "enforcing" in KVM host cause problems in the guests?

I've KVM hypervisor with (Software Raid1) and I've few created VMs .. Does Enable "SELinux" IN the host affects badly on Raid1 and The guests (VMs) ? or there is no relation? Is it a recommended approach? Actually, I've it enabled by default to…
Jason4Ever
0 votes, 1 answer

SELinux: how to allow httpd to delete temp files from MySQL?

Here's the setup: I let MySQL dump tables to /tmp (they just contain numbers, no real data) for PHP to pick up and process. After this, the temp files are no longer needed, so I delete them with PHP (unlink). Of course, SELinux does not like this. I…
kasimir
0 votes, 1 answer

Removing module fails - cannot find port type, but it's there?

I have a SELinux module that, among other things, allows Apache to connect via TCP to a specific port: cat < sgtest.te module sgtest 1.0.0; require { attribute port_type; type httpd_t; class tcp_socket name_socket; } type my_port_t,…
0 votes, 0 answers

allow apache to run php script - audit2allow hasn't worked thus far

At a previous company the fix was to disable SELinux. I'm trying to leave SELinux enabled and tune what I need in order to accomplish my goal. In short, I want apache/httpd to run '/usr/bin/systemctl status postfix' and return the status. With…
0 votes, 1 answer

Set persistent SELinux file types under /run

I set a file to a specific type using semanage fcontext, and using restorecon does properly set the file type. However, upon reboot, the type goes back to the default. If I run restorecon again then it updates to its proper type. This file exists under…