[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: F10 Logwatch and avc(s) long post

From: Chuck Anderson <cra WPI EDU>
To: "fedora-selinux-list redhat com" <fedora-selinux-list redhat com>
Subject: Re: F10 Logwatch and avc(s) long post
Date: Sat, 22 Nov 2008 11:20:07 -0500

On Sat, Nov 22, 2008 at 01:10:44PM +0000, Frank Murphy wrote:
> Daniel J Walsh wrote:
> >
> > 
> > So you have logwatch execing netstat?  Do you know what script is doing
> > this?
> 
> /usr/share/logwatch/default.conf/logwatch.conf pasteed to:
> 
> The only real change is a #Service = "-zz-network", and Detail = Med

There are a few scripts that are disabled by default.  The 
"-zz-network" means "disable the zz-network script".  By commenting 
that out, you are reenabling the zz-network script.  Here are the 
services which are disabled by default which probably don't have 
SELinux rules for them yet:

Service = "-zz-network"     # Prevents execution of zz-network service, which
                            # prints useful network configuration info.
Service = "-zz-sys"         # Prevents execution of zz-sys service, which
                            # prints useful system configuration info.
Service = "-eximstats"      # Prevents execution of eximstats service, which
                            # is a wrapper for the eximstats program.

The scripts that run when these are re-enabled are in 
/usr/share/logwatch/scripts/services/.  From my reading of the 
zz-network script, it calls the following programs:

/sbin/chkconfig
/usr/bin/vtysh
/usr/sbin/routeadm
/sbin/ip
netstat
ifconfig

and reads the following files:

/etc/sysctl.conf
/proc/sys/net/ipv4/ip_forward

References:
- F10 Logwatch and avc(s) long post
  - From: Frank Murphy
- Re: F10 Logwatch and avc(s) long post
  - From: Daniel J Walsh
- Re: F10 Logwatch and avc(s) long post
  - From: Frank Murphy

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]