Avc's while running rkhunter

pi zico at algohotellet.se
Fri Oct 20 08:53:06 UTC 2006


Hashes seem OK when I turn SELinux protection off; as soon as I turn
SELinux on while running rkhunter, they show up as BAD.
So I figure they are okay, but rkhunter is denied access to something.
Can someone explain what I have to do to make it right?
I'm on FC5, and I think it's fully updated, if I haven't missed out on
any new repos.

dries.repo                      fedora-extras.repo           freshrpms.repo
fedora-core.repo                fedora-legacy.repo           livna.repo
fedora-development.repo         fedora-updates.repo          macromedia.repo
fedora-extras-development.repo  fedora-updates-testing.repo  nuu.repo

--------------------------------------------------------
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 21
Policy from config file:        targeted
--------------------------------------------------------
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   permissive
Mode from config file:          enforcing
Policy version:                 21
Policy from config file:        targeted
--------------------------------------------------------


type=AVC msg=audit(1161332509.183:234): avc:  denied  { read write } for  pid=28899 comm="prelink" name="0" dev=devpts ino=2 scontext=user_u:system_r:prelink_t:s0 tcontext=user_u:object_r:devpts_t:s0 tclass=chr_file
type=AVC msg=audit(1161332509.183:234): avc:  denied  { read write } for  pid=28899 comm="prelink" name="0" dev=devpts ino=2 scontext=user_u:system_r:prelink_t:s0 tcontext=user_u:object_r:devpts_t:s0 tclass=chr_file
type=AVC msg=audit(1161332509.183:234): avc:  denied  { write } for  pid=28899 comm="prelink" name="prelink.tst" dev=dm-0 ino=1277164 scontext=user_u:system_r:prelink_t:s0 tcontext=user_u:object_r:var_t:s0 tclass=file
type=AVC msg=audit(1161332509.183:234): avc:  denied  { read write } for  pid=28899 comm="prelink" name="0" dev=devpts ino=2 scontext=user_u:system_r:prelink_t:s0 tcontext=user_u:object_r:devpts_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1161332509.183:234): arch=40000003 syscall=11 success=yes exit=0 a0=8fd6ec8 a1=8fd6ae0 a2=8f4b3b8 a3=8fd6d38 items=0 ppid=28898 pid=28899 auid=523 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="prelink" exe="/usr/sbin/prelink" subj=user_u:system_r:prelink_t:s0 key=(null)
type=AVC_PATH msg=audit(1161332509.183:234):  path="/dev/pts/0"
type=AVC_PATH msg=audit(1161332509.183:234):  path="/var/rkhunter/tmp/prelink.tst"
type=AVC_PATH msg=audit(1161332509.183:234):  path="/dev/pts/0"
type=AVC msg=audit(1161332509.859:235): avc:  denied  { read write } for  pid=28959 comm="prelink" name="0" dev=devpts ino=2 scontext=user_u:system_r:prelink_t:s0 tcontext=user_u:object_r:devpts_t:s0 tclass=chr_file
type=AVC msg=audit(1161332509.859:235): avc:  denied  { read write } for  pid=28959 comm="prelink" name="0" dev=devpts ino=2 scontext=user_u:system_r:prelink_t:s0 tcontext=user_u:object_r:devpts_t:s0 tclass=chr_file
type=AVC msg=audit(1161332509.859:235): avc:  denied  { write } for  pid=28959 comm="prelink" name="prelink.tst" dev=dm-0 ino=1277164 scontext=user_u:system_r:prelink_t:s0 tcontext=user_u:object_r:var_t:s0 tclass=file
type=AVC msg=audit(1161332509.859:235): avc:  denied  { read write } for  pid=28959 comm="prelink" name="0" dev=devpts ino=2 scontext=user_u:system_r:prelink_t:s0 tcontext=user_u:object_r:devpts_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1161332509.859:235): arch=40000003 syscall=11 success=yes exit=0 a0=8fd66f0 a1=8fd6ae0 a2=8f4b3b8 a3=8fd6ea0 items=0 ppid=28958 pid=28959 auid=523 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="prelink" exe="/usr/sbin/prelink" subj=user_u:system_r:prelink_t:s0 key=(null)
type=AVC_PATH msg=audit(1161332509.859:235):  path="/dev/pts/0"
type=AVC_PATH msg=audit(1161332509.859:235):  path="/var/rkhunter/tmp/prelink.tst"
type=AVC_PATH msg=audit(1161332509.859:235):  path="/dev/pts/0"

Regards
/pi
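
Added example (not part of the original post): a small Python triage script that collapses the repeated AVC records above into one row per distinct denial and joins each to the full path from the AVC_PATH record of the same audit event. The sample records are copied from the post; the function and variable names are this example's own.

```python
import re
from collections import defaultdict

# Records copied from the post above (audit event 234), one record per line.
SAMPLE = """\
type=AVC msg=audit(1161332509.183:234): avc:  denied  { read write } for  pid=28899 comm="prelink" name="0" dev=devpts ino=2 scontext=user_u:system_r:prelink_t:s0 tcontext=user_u:object_r:devpts_t:s0 tclass=chr_file
type=AVC msg=audit(1161332509.183:234): avc:  denied  { write } for  pid=28899 comm="prelink" name="prelink.tst" dev=dm-0 ino=1277164 scontext=user_u:system_r:prelink_t:s0 tcontext=user_u:object_r:var_t:s0 tclass=file
type=AVC_PATH msg=audit(1161332509.183:234):  path="/dev/pts/0"
type=AVC_PATH msg=audit(1161332509.183:234):  path="/var/rkhunter/tmp/prelink.tst"
"""

AVC_RE = re.compile(
    r'type=AVC msg=audit\((?P<event>[\d.]+:\d+)\): avc:\s+denied\s+\{(?P<perms>[^}]*)\}'
    r'.*?comm="(?P<comm>[^"]*)".*?name="(?P<name>[^"]*)"'
    r'.*?scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)')
PATH_RE = re.compile(
    r'type=AVC_PATH msg=audit\((?P<event>[\d.]+:\d+)\):\s+path="(?P<path>[^"]*)"')

def selinux_type(context):
    """Return the type field of a user:role:type:level security context."""
    return context.split(":")[2]

def summarize(log_text):
    """One row per (comm, source type, target type, class, perms) with count and paths."""
    # Mail clients wrap long records; rejoin so every record starts at 'type='.
    flat = re.sub(r'\s*\n(?!type=)', ' ', log_text)
    paths = defaultdict(set)  # audit event id -> full paths from AVC_PATH records
    for m in PATH_RE.finditer(flat):
        paths[m["event"]].add(m["path"])
    rows = {}
    for m in AVC_RE.finditer(flat):
        key = (m["comm"], selinux_type(m["scon"]), selinux_type(m["tcon"]),
               m["tclass"], tuple(sorted(m["perms"].split())))
        row = rows.setdefault(key, {"count": 0, "paths": set()})
        row["count"] += 1
        # An AVC record carries only the basename; match it within the same event.
        row["paths"] |= {p for p in paths[m["event"]]
                         if p.rsplit("/", 1)[-1] == m["name"]}
    return rows

if __name__ == "__main__":
    for (comm, src, tgt, cls, perms), row in summarize(SAMPLE).items():
        print(f"{row['count']}x {comm}: {src} -> {tgt}:{cls} "
              f"{{{' '.join(perms)}}} {sorted(row['paths'])}")
```
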



