Strange Message in /var/log/message

**IRCBrasil** · 01-09-2006 05:22 PM

Hi, i have a RH 4 with Kernel 2.6.9-22.0.1.ELsmp and i am receiving this message on logs:

Code:

Jan  9 19:08:41 ss32 kernel: audit(1136840944.333:58): avc:  denied  { read } for  pid=23095 comm="rndc" name="self" dev=proc ino=2 scontext=root:system_r:ndc_t tcontext=system_u:object_r:proc_t tclass=lnk_file
Jan  9 19:08:41 ss32 kernel: audit(1136840944.333:59): avc:  denied  { read } for  pid=23095 comm="rndc" name="exe" dev=proc ino=1513553928 scontext=root:system_r:ndc_t tcontext=root:system_r:ndc_t tclass=lnk_file

Someone know how fix it?

Thaks 4all!

**chirpy** · 01-09-2006 05:52 PM

IIRC, I believe that's SELINUX. If so, make sure it's disabled.

**IRCBrasil** · 01-09-2006 06:32 PM

Originally Posted by chirpy

IIRC, I believe that's SELINUX. If so, make sure it's disabled.

I dont think is it

Code:

root@ss32 [/etc/selinux]# cat config 
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - SELinux is fully disabled.
SELINUX=disable
# SELINUXTYPE= type of policy in use. Possible values are:
#       targeted - Only targeted network daemons are protected.
#       strict - Full SELinux protection.
SELINUXTYPE=targeted
root@ss32 [/etc/selinux]#

**Izzee** · 01-10-2006 02:33 AM

Should that not be:
SELINUX=disabled

Not:
SELINUX=disable

**IRCBrasil** · 01-10-2006 09:27 AM

Originally Posted by Izzee

Should that not be:
SELINUX=disabled

Not:
SELINUX=disable

WOWWWW

I cant belive i forgot to put a simple "d"

Thank you

**rsutc** · 12-09-2006 09:48 AM

Originally Posted by chirpy

IIRC, I believe that's SELINUX. If so, make sure it's disabled.

Why should selinux be disabled?

RIck

**IberHosting** · 12-09-2006 12:12 PM

SELinux can cause some incompatabilities with cPanel

**Manuel_accu** · 12-12-2006 03:18 AM

Generally I have to restart my server after disabling it from config file. Is there any way without restarting I can disabled the SELinux feature?

Thanks,

**Un Area** · 01-24-2007 12:40 PM

Editing /etc/selinux/config file will disable SELinux on boot, however it will remain enabled until you restart the server.
To disable it without having to reboot type this command at the prompt

setenforce 0

And there you go! Selinux fully disabled without restarting

Regards

NT · 01-24-2007 12:51 PM

I believe you run "setenforce 0" (without the quotes) in shell, but I might be mistaken.

**chirpy** · 01-24-2007 12:53 PM

Have a read of:
http://www.redhat.com/docs/manuals/e...N-SECTION-0076

**Un Area** · 01-24-2007 12:53 PM

You are right, I just edited my post

SElinux is still a prototype for enhanced security, anyways you can secure your server in different ways.

**Manuel_accu** · 01-31-2007 05:05 AM

Neat!!!

very good information and URL of RedHat

LinkBack

Thread Tools

Strange Message in /var/log/message

yeah

/var partion is getting full message even after I clear out files.

Strange EXIM message

Strange message!

strange message

Strange Perl Error Message...