SELinux alerts
Colin Paul Adams
colin at colina.demon.co.uk
Sun Jan 27 08:23:56 UTC 2008
>>>>> "Tim" == Tim <ignored_mailbox at yahoo.com.au> writes:
Tim> On Sat, 2008-01-26 at 06:49 +0000, Colin Paul Adams wrote:
>> I just installed (via yum) and started squid.
>>
>> I then noticed I had some SELinux alert
Tim> Have you configured SELinux to allow Squid? The default was,
Tim> and probably still is, not to allow Squid to use the network
Tim> until you explicitly allow it.
Tim> There's a SELinux management tool that lets you easily tweak
Tim> the booleans.
I found it now.
The boolean for squid reads:
Allow squid to connect to all ports, not just HTTP, FTP and Gopher.
It is not checked. I'm not sure that I want to check it. I would first
like to know what squid was trying to connect to. The alert did not
tell me that (at least, if it did, i didn't understand it).
Is there a way I can find out which port was being accessed?
Hm. It doesn't mention HTTPS, but maybe that is subsumed by HTTP.
--
Colin Adams
Preston Lancashire
More information about the fedora-list
mailing list