Questions tagged [selinux]

NSA Security-Enhanced Linux (SELinux) is an implementation of a flexible mandatory access control architecture in the Linux operating system.

The SELinux architecture provides general support for the enforcement of many kinds of mandatory access control policies, including those based on the concepts of Type Enforcement®, Role-Based Access Control, and Multi-Level Security. Background information and technical documentation about SELinux can be found at http://www.nsa.gov/selinux.

681 questions
0 votes, 1 answer

SELinux preventing Asterisk from connecting to IMAP server for voicemail

I am running Asterisk on Fedora 23 and am using the voicemail IMAP module to store voicemails to Gmail. When SELinux is in enforcing mode it prevents Asterisk from connecting to Gmail. Here is the error message from…
user553702
0 votes, 1 answer

Can't open port

I can't open ports 25 and 587. Background information: I am running CentOS 7 with firewalld and httpd. Now I want to run a mailserver. I started with installing postfix. Then I added firewall rules for the ports 25 and 587. This is the output of…
LuMa
0 votes, 1 answer

pam_tty audit logs gives too much of not required information

We are using pam_tty to record all the commands that a user types. We are interested in monitoring the user commands. In the audit.log, when we grep for USER_TTY, there is too much logging that comes. Here is the attached log screenshot: In…
zealvora
0 votes, 1 answer

libsepol.policydb_read: policydb magic number

I'm trying to create a selinux .te file from a .pp file but the tools on fc22 don't work. Is this a bug or should I be doing something different? Environment: fc22 [root@fc20-64 ~]# rpm -q --whatprovides…
Hugh
0 votes, 0 answers

Http request blocked on port 80

I currently have CentOS 7 installed on EC2 with the following: Apache Php Mysql Iptables Firewalld Apache running Redirecting to /bin/systemctl status httpd.service ● httpd.service - The Apache HTTP Server Loaded: loaded …
Sino
0 votes, 1 answer

can access virtualhost locally on the same server but cannot access on remote machine

A pretty weird problem occurred when configuring a virtualhost at port 81. When I use the command curl 123.123.123.123:81 or curl localhost:81 on the same server, it gets a response. While when I access it from a remote machine either by curl 123.123.123.123:81…
franky
0 votes, 1 answer

How can I run a salt state if a command prints zero rows?

I've got Salt and SELinux running on CentOS7. I want to run restorecon -Rv /path/to/something, but only if it's necessary. I know that Salt has the onlyif and unless commands, but I'm having a heck of a time googling for what I want. I want to write…
Wayne Werner
0 votes, 4 answers

Disabling SELinux

I'm not sure if I remember when I installed Red Hat 5 on my server. So how can I be sure whether SELinux is disabled or not?
Libyano
0 votes, 1 answer

SELinux permissions for a socket and PID

I'm looking at getting rmilter installed on a CentOS 7 box. I'm trying to work out which SELinux labels/permissions I need for the daemon to bind/write to the following pidfile = /run/rmilter/rmilter.pid; bind_socket =…
Boden Garman
0 votes, 0 answers

xguest with Biometric validation

I am looking for a solution to the following problem: A server is connected to 'dummy' terminals (all-in-one computers) in an isolated network. These terminals have xguest accounts that are directly connected to the server. Access to the server is…
Quiescent
0 votes, 1 answer

SSH allowing remote hosts to connect to local forwarded ports

I'm currently facing an issue with a RHEL 7.0 regarding the ssh option -g (i.e. remote hosts connection to local forwarded ports). I'm establishing a connection with port forwarding, from a server on myserver_ip address, with the usual command…
devlearn
0 votes, 1 answer

Nagios SELinux contexts on RHEL7 equivalent

I installed nagios core and plugins for the first time, and can't get it to work with SELinux. The error in the audit log is, type=AVC msg=audit(1441480084.865:710): avc: denied { execute } for pid=5444 comm="httpd" name="statusjson.cgi"…
xcorat
0 votes, 0 answers

Suspicious SELinux Audit Log Entries PHP-FPM Write Denied - How to investigate?

I found a few /var/log/audit/audit.log entries which have me a little bit concerned. SEAlert explains them as such: SELinux is preventing /usr/sbin/php-fpm from write access on the directory wwwuserhome. Raw Audit Messages type=AVC…
JayMcTee
0 votes, 1 answer

Can't enable logging for Bind 9 on Red Hat

When I enable logging for Bind, I get a permissions denied error which is due to Bind running in chroot/selinux (avc denied write). I can't figure out how to reconfigure selinux to allow the log file to be writeable. Please could someone help? Thank…
mbuk2k
0 votes, 1 answer

Why is this HTTP to HTTPS redirection not working?

I have been reading through all the discussions on the subject and decided to use the Redirect method in the httpd.conf file with no luck... So I came back here to this knowledgeable crowd. We have a service let's call it "host1" (https based) that…
oly