#1 (permalink)  
Old 01-09-2006, 05:22 PM
Registered User
 
Join Date: Jul 2004
Posts: 95
IRCBrasil is on a distinguished road
Strange Message in /var/log/message

Hi, i have a RH 4 with Kernel 2.6.9-22.0.1.ELsmp and i am receiving this message on logs:

Code:
Jan  9 19:08:41 ss32 kernel: audit(1136840944.333:58): avc:  denied  { read } for  pid=23095 comm="rndc" name="self" dev=proc ino=2 scontext=root:system_r:ndc_t tcontext=system_u:object_r:proc_t tclass=lnk_file
Jan  9 19:08:41 ss32 kernel: audit(1136840944.333:59): avc:  denied  { read } for  pid=23095 comm="rndc" name="exe" dev=proc ino=1513553928 scontext=root:system_r:ndc_t tcontext=root:system_r:ndc_t tclass=lnk_file
Someone know how fix it?

Thaks 4all!
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #2 (permalink)  
Old 01-09-2006, 05:52 PM
chirpy's Avatar
Moderator
 
Join Date: Jun 2002
Location: Go on, have a guess
Posts: 13,495
chirpy will become famous soon enough
IIRC, I believe that's SELINUX. If so, make sure it's disabled.
__________________
Jonathan Michaelson
cPanel Forum Moderator

Need your cPanel servers secured and tuned?
cPanel Server Configuration, Security, Recovery and Antivirus/AntiSpam Services
Developers of the most effective (and free) Firewall & Security Solution for cPanel Servers - csf
http://www.configserver.com
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #3 (permalink)  
Old 01-09-2006, 06:32 PM
Registered User
 
Join Date: Jul 2004
Posts: 95
IRCBrasil is on a distinguished road
Quote:
Originally Posted by chirpy
IIRC, I believe that's SELINUX. If so, make sure it's disabled.
I dont think is it

Code:
root@ss32 [/etc/selinux]# cat config 
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - SELinux is fully disabled.
SELINUX=disable
# SELINUXTYPE= type of policy in use. Possible values are:
#       targeted - Only targeted network daemons are protected.
#       strict - Full SELinux protection.
SELINUXTYPE=targeted
root@ss32 [/etc/selinux]#
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #4 (permalink)  
Old 01-10-2006, 02:33 AM
Registered User
 
Join Date: Feb 2004
Posts: 469
Izzee is on a distinguished road
Should that not be:
SELINUX=disabled

Not:
SELINUX=disable

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #5 (permalink)  
Old 01-10-2006, 09:27 AM
Registered User
 
Join Date: Jul 2004
Posts: 95
IRCBrasil is on a distinguished road
Talking

Quote:
Originally Posted by Izzee
Should that not be:
SELINUX=disabled

Not:
SELINUX=disable

WOWWWW

I cant belive i forgot to put a simple "d"

Thank you
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #6 (permalink)  
Old 12-09-2006, 09:48 AM
Registered User
 
Join Date: Oct 2002
Posts: 67
rsutc
Quote:
Originally Posted by chirpy View Post
IIRC, I believe that's SELINUX. If so, make sure it's disabled.
Why should selinux be disabled?

RIck
__________________
Rick Sutcliffe
http://www.webnamehost.net
a.k.a. The Northern Spy http://www.thenorthernspy.com
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #7 (permalink)  
Old 12-09-2006, 12:12 PM
Registered User
 
Join Date: Jun 2005
Posts: 124
IberHosting is on a distinguished road
SELinux can cause some incompatabilities with cPanel
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #8 (permalink)  
Old 12-12-2006, 03:18 AM
Manuel_accu's Avatar
Registered User
 
Join Date: Jun 2005
Posts: 191
Manuel_accu is on a distinguished road
Generally I have to restart my server after disabling it from config file. Is there any way without restarting I can disabled the SELinux feature?

Thanks,
__________________
Linux Web Administrator Guide
Optimize, secure and performance tunning for Apache || MySQL5.1 Cluster How To
The visionary conceives the impossible, The missionary makes it possible. ...Gita.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #9 (permalink)  
Old 01-24-2007, 12:40 PM
Un Area's Avatar
Registered User
 
Join Date: Nov 2006
Posts: 53
Un Area is on a distinguished road
yeah

Editing /etc/selinux/config file will disable SELinux on boot, however it will remain enabled until you restart the server.
To disable it without having to reboot type this command at the prompt

setenforce 0

And there you go! Selinux fully disabled without restarting

Regards
__________________
Un Area Webhosting® : Your space on the net
http://www.unarea.com

Last edited by Un Area; 01-24-2007 at 12:52 PM.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #10 (permalink)  
Old 01-24-2007, 12:51 PM
NT NT is offline
Registered User
 
Join Date: May 2004
Location: England, UK
Posts: 136
NT is on a distinguished road
I believe you run "setenforce 0" (without the quotes) in shell, but I might be mistaken.
__________________
Nick
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #11 (permalink)  
Old 01-24-2007, 12:53 PM
chirpy's Avatar
Moderator
 
Join Date: Jun 2002
Location: Go on, have a guess
Posts: 13,495
chirpy will become famous soon enough
Have a read of:
http://www.redhat.com/docs/manuals/e...N-SECTION-0076
__________________
Jonathan Michaelson
cPanel Forum Moderator

Need your cPanel servers secured and tuned?
cPanel Server Configuration, Security, Recovery and Antivirus/AntiSpam Services
Developers of the most effective (and free) Firewall & Security Solution for cPanel Servers - csf
http://www.configserver.com
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #12 (permalink)  
Old 01-24-2007, 12:53 PM
Un Area's Avatar
Registered User
 
Join Date: Nov 2006
Posts: 53
Un Area is on a distinguished road
You are right, I just edited my post SElinux is still a prototype for enhanced security, anyways you can secure your server in different ways.
__________________
Un Area Webhosting® : Your space on the net
http://www.unarea.com

Last edited by Un Area; 01-24-2007 at 03:01 PM.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #13 (permalink)  
Old 01-31-2007, 05:05 AM
Manuel_accu's Avatar
Registered User
 
Join Date: Jun 2005
Posts: 191
Manuel_accu is on a distinguished road
Neat!!!


very good information and URL of RedHat
__________________
Linux Web Administrator Guide
Optimize, secure and performance tunning for Apache || MySQL5.1 Cluster How To
The visionary conceives the impossible, The missionary makes it possible. ...Gita.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -5. The time now is 07:29 AM.


Powered by vBulletin® Version 3.8.2
Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
© cPanel Inc