Strange Message in /var/log/message

IRCBrasil

Well-Known Member
Jul 22, 2004
93
0
156
Hi, i have a RH 4 with Kernel 2.6.9-22.0.1.ELsmp and i am receiving this message on logs:

Code:
Jan  9 19:08:41 ss32 kernel: audit(1136840944.333:58): avc:  denied  { read } for  pid=23095 comm="rndc" name="self" dev=proc ino=2 scontext=root:system_r:ndc_t tcontext=system_u:object_r:proc_t tclass=lnk_file
Jan  9 19:08:41 ss32 kernel: audit(1136840944.333:59): avc:  denied  { read } for  pid=23095 comm="rndc" name="exe" dev=proc ino=1513553928 scontext=root:system_r:ndc_t tcontext=root:system_r:ndc_t tclass=lnk_file
Someone know how fix it?

Thaks 4all!
 

IRCBrasil

Well-Known Member
Jul 22, 2004
93
0
156
chirpy said:
IIRC, I believe that's SELINUX. If so, make sure it's disabled.
I dont think is it :(

Code:
[email protected] [/etc/selinux]# cat config 
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - SELinux is fully disabled.
SELINUX=disable
# SELINUXTYPE= type of policy in use. Possible values are:
#       targeted - Only targeted network daemons are protected.
#       strict - Full SELinux protection.
SELINUXTYPE=targeted
[email protected] [/etc/selinux]#
 

Un Area

Well-Known Member
Nov 16, 2006
90
1
156
yeah

Editing /etc/selinux/config file will disable SELinux on boot, however it will remain enabled until you restart the server.
To disable it without having to reboot type this command at the prompt

setenforce 0

And there you go! Selinux fully disabled without restarting :D

Regards
 
Last edited:

NT

Well-Known Member
May 4, 2004
137
0
166
England, UK
I believe you run "setenforce 0" (without the quotes) in shell, but I might be mistaken.
 

Un Area

Well-Known Member
Nov 16, 2006
90
1
156
You are right, I just edited my post :) SElinux is still a prototype for enhanced security, anyways you can secure your server in different ways.
 
Last edited: