The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Strange Message in /var/log/message

Discussion in 'General Discussion' started by IRCBrasil, Jan 9, 2006.

  1. IRCBrasil

    IRCBrasil Well-Known Member

    Joined:
    Jul 22, 2004
    Messages:
    93
    Likes Received:
    0
    Trophy Points:
    6
    Hi, i have a RH 4 with Kernel 2.6.9-22.0.1.ELsmp and i am receiving this message on logs:

    Code:
    Jan  9 19:08:41 ss32 kernel: audit(1136840944.333:58): avc:  denied  { read } for  pid=23095 comm="rndc" name="self" dev=proc ino=2 scontext=root:system_r:ndc_t tcontext=system_u:object_r:proc_t tclass=lnk_file
    Jan  9 19:08:41 ss32 kernel: audit(1136840944.333:59): avc:  denied  { read } for  pid=23095 comm="rndc" name="exe" dev=proc ino=1513553928 scontext=root:system_r:ndc_t tcontext=root:system_r:ndc_t tclass=lnk_file 
    
    Someone know how fix it?

    Thaks 4all!
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    IIRC, I believe that's SELINUX. If so, make sure it's disabled.
     
  3. IRCBrasil

    IRCBrasil Well-Known Member

    Joined:
    Jul 22, 2004
    Messages:
    93
    Likes Received:
    0
    Trophy Points:
    6
    I dont think is it :(

    Code:
    root@ss32 [/etc/selinux]# cat config 
    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #       enforcing - SELinux security policy is enforced.
    #       permissive - SELinux prints warnings instead of enforcing.
    #       disabled - SELinux is fully disabled.
    SELINUX=disable
    # SELINUXTYPE= type of policy in use. Possible values are:
    #       targeted - Only targeted network daemons are protected.
    #       strict - Full SELinux protection.
    SELINUXTYPE=targeted
    root@ss32 [/etc/selinux]# 
    
     
  4. Izzee

    Izzee Well-Known Member

    Joined:
    Feb 6, 2004
    Messages:
    469
    Likes Received:
    0
    Trophy Points:
    16
    Should that not be:
    SELINUX=disabled

    Not:
    SELINUX=disable

    :)
     
  5. IRCBrasil

    IRCBrasil Well-Known Member

    Joined:
    Jul 22, 2004
    Messages:
    93
    Likes Received:
    0
    Trophy Points:
    6
    WOWWWW

    I cant belive i forgot to put a simple "d"

    Thank you
     
  6. rsutc

    rsutc Well-Known Member

    Joined:
    Oct 8, 2002
    Messages:
    75
    Likes Received:
    0
    Trophy Points:
    6
    Why should selinux be disabled?

    RIck
     
  7. IberHosting

    IberHosting Well-Known Member

    Joined:
    Jun 1, 2005
    Messages:
    124
    Likes Received:
    0
    Trophy Points:
    16
    SELinux can cause some incompatabilities with cPanel
     
  8. Manuel_accu

    Manuel_accu Well-Known Member

    Joined:
    Jun 19, 2005
    Messages:
    191
    Likes Received:
    0
    Trophy Points:
    16
    Generally I have to restart my server after disabling it from config file. Is there any way without restarting I can disabled the SELinux feature?

    Thanks,
     
  9. Un Area

    Un Area Well-Known Member

    Joined:
    Nov 16, 2006
    Messages:
    78
    Likes Received:
    0
    Trophy Points:
    6
    yeah

    Editing /etc/selinux/config file will disable SELinux on boot, however it will remain enabled until you restart the server.
    To disable it without having to reboot type this command at the prompt

    setenforce 0

    And there you go! Selinux fully disabled without restarting :D

    Regards
     
    #9 Un Area, Jan 24, 2007
    Last edited: Jan 24, 2007
  10. NT

    NT Well-Known Member

    Joined:
    May 4, 2004
    Messages:
    137
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    England, UK
    I believe you run "setenforce 0" (without the quotes) in shell, but I might be mistaken.
     
  11. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
  12. Un Area

    Un Area Well-Known Member

    Joined:
    Nov 16, 2006
    Messages:
    78
    Likes Received:
    0
    Trophy Points:
    6
    You are right, I just edited my post :) SElinux is still a prototype for enhanced security, anyways you can secure your server in different ways.
     
    #12 Un Area, Jan 24, 2007
    Last edited: Jan 24, 2007
  13. Manuel_accu

    Manuel_accu Well-Known Member

    Joined:
    Jun 19, 2005
    Messages:
    191
    Likes Received:
    0
    Trophy Points:
    16
    Neat!!!


    very good information and URL of RedHat
     
Loading...

Share This Page