Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 292257 Details for
Bug 425241
SELinux is preventing /usr/sbin/sendmail.sendmail (sendmail_t) "read write" to socket (initrc_t).
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
Saved SELinux alerts after restarting fail2ban
selinux_alert-20080119.txt (text/plain), 51.43 KB, created by
Ian Shields
on 2008-01-19 14:16:30 UTC
(
hide
)
Description:
Saved SELinux alerts after restarting fail2ban
Filename:
MIME Type:
Creator:
Ian Shields
Created:
2008-01-19 14:16:30 UTC
Size:
51.43 KB
patch
obsolete
>Summary > SELinux is preventing sh (fail2ban_t) "execute" to <Unknown> > (sendmail_exec_t). > >Detailed Description > SELinux denied access requested by sh. It is not expected that this access > is required by sh and this access may signal an intrusion attempt. It is > also possible that the specific version or configuration of the application > is causing it to require additional access. > >Allowing Access > Sometimes labeling problems can cause SELinux denials. You could try to > restore the default system file context for <Unknown>, restorecon -v > <Unknown> If this does not work, there is currently no automatic way to > allow this access. Instead, you can generate a local policy module to allow > this access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 > Or you can disable SELinux protection altogether. Disabling SELinux > protection is not recommended. Please file a > http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package. > >Additional Information > >Source Context system_u:system_r:fail2ban_t:s0 >Target Context system_u:object_r:sendmail_exec_t:s0 >Target Objects None [ file ] >Affected RPM Packages >Policy RPM selinux-policy-3.0.8-74.fc8 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Permissive >Plugin Name plugins.catchall_file >Host Name attic4 >Platform Linux attic4 2.6.23.9-85.fc8 #1 SMP Fri Dec 7 > 15:49:36 EST 2007 x86_64 x86_64 >Alert Count 1 >First Seen Sat 19 Jan 2008 12:07:05 AM EST >Last Seen Sat 19 Jan 2008 12:07:05 AM EST >Local ID 9d652a06-293e-4e58-8947-878b00f3167f >Line Numbers > >Raw Audit Messages > >avc: denied { execute } for comm=sh dev=sda15 name=sendmail.sendmail pid=21790 >scontext=system_u:system_r:fail2ban_t:s0 tclass=file >tcontext=system_u:object_r:sendmail_exec_t:s0 > > >Summary > SELinux is preventing /usr/sbin/sendmail.sendmail (fail2ban_t) "setgid" to > <Unknown> (fail2ban_t). > >Detailed Description > SELinux denied access requested by /usr/sbin/sendmail.sendmail. It is not > expected that this access is required by /usr/sbin/sendmail.sendmail and > this access may signal an intrusion attempt. It is also possible that the > specific version or configuration of the application is causing it to > require additional access. > >Allowing Access > You can generate a local policy module to allow this access - see > http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable > SELinux protection altogether. Disabling SELinux protection is not > recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi > against this package. > >Additional Information > >Source Context system_u:system_r:fail2ban_t:s0 >Target Context system_u:system_r:fail2ban_t:s0 >Target Objects None [ capability ] >Affected RPM Packages sendmail-8.14.2-1.fc8 [application] >Policy RPM selinux-policy-3.0.8-74.fc8 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Permissive >Plugin Name plugins.catchall >Host Name attic4 >Platform Linux attic4 2.6.23.9-85.fc8 #1 SMP Fri Dec 7 > 15:49:36 EST 2007 x86_64 x86_64 >Alert Count 1 >First Seen Sat 19 Jan 2008 12:07:05 AM EST >Last Seen Sat 19 Jan 2008 12:07:05 AM EST >Local ID 927b9754-6cd9-4bff-85a5-c7bad90ae3d7 >Line Numbers > >Raw Audit Messages > >avc: denied { setgid } for comm=sendmail egid=51 euid=0 >exe=/usr/sbin/sendmail.sendmail exit=0 fsgid=51 fsuid=0 gid=0 items=0 pid=21790 >scontext=system_u:system_r:fail2ban_t:s0 sgid=51 >subj=system_u:system_r:fail2ban_t:s0 suid=0 tclass=capability >tcontext=system_u:system_r:fail2ban_t:s0 tty=(none) uid=0 > > >Summary > SELinux is preventing /usr/sbin/sendmail.sendmail (fail2ban_t) "read" to > <Unknown> (net_conf_t). > >Detailed Description > SELinux denied access requested by /usr/sbin/sendmail.sendmail. It is not > expected that this access is required by /usr/sbin/sendmail.sendmail and > this access may signal an intrusion attempt. It is also possible that the > specific version or configuration of the application is causing it to > require additional access. > >Allowing Access > Sometimes labeling problems can cause SELinux denials. You could try to > restore the default system file context for <Unknown>, restorecon -v > <Unknown> If this does not work, there is currently no automatic way to > allow this access. Instead, you can generate a local policy module to allow > this access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 > Or you can disable SELinux protection altogether. Disabling SELinux > protection is not recommended. Please file a > http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package. > >Additional Information > >Source Context system_u:system_r:fail2ban_t:s0 >Target Context system_u:object_r:net_conf_t:s0 >Target Objects None [ file ] >Affected RPM Packages sendmail-8.14.2-1.fc8 [application] >Policy RPM selinux-policy-3.0.8-74.fc8 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Permissive >Plugin Name plugins.catchall_file >Host Name attic4 >Platform Linux attic4 2.6.23.9-85.fc8 #1 SMP Fri Dec 7 > 15:49:36 EST 2007 x86_64 x86_64 >Alert Count 1 >First Seen Sat 19 Jan 2008 12:07:05 AM EST >Last Seen Sat 19 Jan 2008 12:07:05 AM EST >Local ID ed0e9f7a-27a8-49a4-ba71-c69cd787531b >Line Numbers > >Raw Audit Messages > >avc: denied { read } for comm=sendmail dev=sda15 egid=51 euid=0 >exe=/usr/sbin/sendmail.sendmail exit=3 fsgid=51 fsuid=0 gid=0 items=0 >name=resolv.conf pid=21790 scontext=system_u:system_r:fail2ban_t:s0 sgid=51 >subj=system_u:system_r:fail2ban_t:s0 suid=0 tclass=file >tcontext=system_u:object_r:net_conf_t:s0 tty=(none) uid=0 > > >Summary > SELinux is preventing /usr/sbin/sendmail.sendmail (fail2ban_t) "getattr" to > /etc/resolv.conf (net_conf_t). > >Detailed Description > SELinux denied access requested by /usr/sbin/sendmail.sendmail. It is not > expected that this access is required by /usr/sbin/sendmail.sendmail and > this access may signal an intrusion attempt. It is also possible that the > specific version or configuration of the application is causing it to > require additional access. > >Allowing Access > Sometimes labeling problems can cause SELinux denials. You could try to > restore the default system file context for /etc/resolv.conf, restorecon -v > /etc/resolv.conf If this does not work, there is currently no automatic way > to allow this access. Instead, you can generate a local policy module to > allow this access - see http://fedora.redhat.com/docs/selinux-faq- > fc5/#id2961385 Or you can disable SELinux protection altogether. Disabling > SELinux protection is not recommended. Please file a > http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package. > >Additional Information > >Source Context system_u:system_r:fail2ban_t:s0 >Target Context system_u:object_r:net_conf_t:s0 >Target Objects /etc/resolv.conf [ file ] >Affected RPM Packages sendmail-8.14.2-1.fc8 [application] >Policy RPM selinux-policy-3.0.8-74.fc8 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Permissive >Plugin Name plugins.catchall_file >Host Name attic4 >Platform Linux attic4 2.6.23.9-85.fc8 #1 SMP Fri Dec 7 > 15:49:36 EST 2007 x86_64 x86_64 >Alert Count 1 >First Seen Sat 19 Jan 2008 12:07:05 AM EST >Last Seen Sat 19 Jan 2008 12:07:05 AM EST >Local ID fcf64ba2-26f2-44c0-a7f3-e6670d36547f >Line Numbers > >Raw Audit Messages > >avc: denied { getattr } for comm=sendmail dev=sda15 egid=51 euid=0 >exe=/usr/sbin/sendmail.sendmail exit=0 fsgid=51 fsuid=0 gid=0 items=0 >path=/etc/resolv.conf pid=21790 scontext=system_u:system_r:fail2ban_t:s0 sgid=51 >subj=system_u:system_r:fail2ban_t:s0 suid=0 tclass=file >tcontext=system_u:object_r:net_conf_t:s0 tty=(none) uid=0 > > >Summary > SELinux is preventing sendmail (fail2ban_t) "search" to <Unknown> > (etc_mail_t). > >Detailed Description > SELinux denied access requested by sendmail. It is not expected that this > access is required by sendmail and this access may signal an intrusion > attempt. It is also possible that the specific version or configuration of > the application is causing it to require additional access. > >Allowing Access > Sometimes labeling problems can cause SELinux denials. You could try to > restore the default system file context for <Unknown>, restorecon -v > <Unknown> If this does not work, there is currently no automatic way to > allow this access. Instead, you can generate a local policy module to allow > this access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 > Or you can disable SELinux protection altogether. Disabling SELinux > protection is not recommended. Please file a > http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package. > >Additional Information > >Source Context system_u:system_r:fail2ban_t:s0 >Target Context system_u:object_r:etc_mail_t:s0 >Target Objects None [ dir ] >Affected RPM Packages >Policy RPM selinux-policy-3.0.8-74.fc8 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Permissive >Plugin Name plugins.catchall_file >Host Name attic4 >Platform Linux attic4 2.6.23.9-85.fc8 #1 SMP Fri Dec 7 > 15:49:36 EST 2007 x86_64 x86_64 >Alert Count 1 >First Seen Sat 19 Jan 2008 12:07:05 AM EST >Last Seen Sat 19 Jan 2008 12:07:05 AM EST >Local ID d04681ee-3c02-4b33-b109-8f38fc688cc6 >Line Numbers > >Raw Audit Messages > >avc: denied { search } for comm=sendmail dev=sda15 name=mail pid=21790 >scontext=system_u:system_r:fail2ban_t:s0 tclass=dir >tcontext=system_u:object_r:etc_mail_t:s0 > > >Summary > SELinux is preventing /usr/sbin/sendmail.sendmail (fail2ban_t) "setuid" to > <Unknown> (fail2ban_t). > >Detailed Description > SELinux denied access requested by /usr/sbin/sendmail.sendmail. It is not > expected that this access is required by /usr/sbin/sendmail.sendmail and > this access may signal an intrusion attempt. It is also possible that the > specific version or configuration of the application is causing it to > require additional access. > >Allowing Access > You can generate a local policy module to allow this access - see > http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable > SELinux protection altogether. Disabling SELinux protection is not > recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi > against this package. > >Additional Information > >Source Context system_u:system_r:fail2ban_t:s0 >Target Context system_u:system_r:fail2ban_t:s0 >Target Objects None [ capability ] >Affected RPM Packages sendmail-8.14.2-1.fc8 [application] >Policy RPM selinux-policy-3.0.8-74.fc8 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Permissive >Plugin Name plugins.catchall >Host Name attic4 >Platform Linux attic4 2.6.23.9-85.fc8 #1 SMP Fri Dec 7 > 15:49:36 EST 2007 x86_64 x86_64 >Alert Count 1 >First Seen Sat 19 Jan 2008 12:07:05 AM EST >Last Seen Sat 19 Jan 2008 12:07:05 AM EST >Local ID 4a71329b-1029-45c2-8342-3e44c5b9989e >Line Numbers > >Raw Audit Messages > >avc: denied { setuid } for comm=sendmail egid=51 euid=51 >exe=/usr/sbin/sendmail.sendmail exit=0 fsgid=51 fsuid=51 gid=51 items=0 >pid=21790 scontext=system_u:system_r:fail2ban_t:s0 sgid=51 >subj=system_u:system_r:fail2ban_t:s0 suid=51 tclass=capability >tcontext=system_u:system_r:fail2ban_t:s0 tty=(none) uid=51 > > >Summary > SELinux is preventing /usr/sbin/sendmail.sendmail (fail2ban_t) "search" to > <Unknown> (var_spool_t). > >Detailed Description > SELinux denied access requested by /usr/sbin/sendmail.sendmail. It is not > expected that this access is required by /usr/sbin/sendmail.sendmail and > this access may signal an intrusion attempt. It is also possible that the > specific version or configuration of the application is causing it to > require additional access. > >Allowing Access > Sometimes labeling problems can cause SELinux denials. You could try to > restore the default system file context for <Unknown>, restorecon -v > <Unknown> If this does not work, there is currently no automatic way to > allow this access. Instead, you can generate a local policy module to allow > this access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 > Or you can disable SELinux protection altogether. Disabling SELinux > protection is not recommended. Please file a > http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package. > >Additional Information > >Source Context system_u:system_r:fail2ban_t:s0 >Target Context system_u:object_r:var_spool_t:s0 >Target Objects None [ dir ] >Affected RPM Packages sendmail-8.14.2-1.fc8 [application] >Policy RPM selinux-policy-3.0.8-74.fc8 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Permissive >Plugin Name plugins.catchall_file >Host Name attic4 >Platform Linux attic4 2.6.23.9-85.fc8 #1 SMP Fri Dec 7 > 15:49:36 EST 2007 x86_64 x86_64 >Alert Count 0 >First Seen Sat 19 Jan 2008 12:07:05 AM EST >Last Seen Sat 19 Jan 2008 12:07:05 AM EST >Local ID 60a821a9-db91-4a5f-a074-3b2e483ebd6d >Line Numbers > >Raw Audit Messages > >avc: denied { search } for comm=sendmail dev=sda15 egid=51 euid=51 >exe=/usr/sbin/sendmail.sendmail exit=0 fsgid=51 fsuid=51 gid=51 items=0 >name=spool pid=21790 scontext=system_u:system_r:fail2ban_t:s0 sgid=51 >subj=system_u:system_r:fail2ban_t:s0 suid=51 tclass=dir >tcontext=system_u:object_r:var_spool_t:s0 tty=(none) uid=51 > > >Summary > SELinux is preventing /usr/sbin/sendmail.sendmail (fail2ban_t) "getattr" to > /var/spool/clientmqueue (mqueue_spool_t). > >Detailed Description > SELinux denied access requested by /usr/sbin/sendmail.sendmail. It is not > expected that this access is required by /usr/sbin/sendmail.sendmail and > this access may signal an intrusion attempt. It is also possible that the > specific version or configuration of the application is causing it to > require additional access. > >Allowing Access > Sometimes labeling problems can cause SELinux denials. You could try to > restore the default system file context for /var/spool/clientmqueue, > restorecon -v /var/spool/clientmqueue If this does not work, there is > currently no automatic way to allow this access. Instead, you can generate > a local policy module to allow this access - see > http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable > SELinux protection altogether. Disabling SELinux protection is not > recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi > against this package. > >Additional Information > >Source Context system_u:system_r:fail2ban_t:s0 >Target Context system_u:object_r:mqueue_spool_t:s0 >Target Objects /var/spool/clientmqueue [ dir ] >Affected RPM Packages sendmail-8.14.2-1.fc8 > [application]sendmail-8.14.2-1.fc8 [target] >Policy RPM selinux-policy-3.0.8-74.fc8 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Permissive >Plugin Name plugins.catchall_file >Host Name attic4 >Platform Linux attic4 2.6.23.9-85.fc8 #1 SMP Fri Dec 7 > 15:49:36 EST 2007 x86_64 x86_64 >Alert Count 0 >First Seen Sat 19 Jan 2008 12:07:05 AM EST >Last Seen Sat 19 Jan 2008 12:07:05 AM EST >Local ID c8e120f6-9405-4333-8584-7ad6170549ee >Line Numbers > >Raw Audit Messages > >avc: denied { getattr } for comm=sendmail dev=sda15 egid=51 euid=51 >exe=/usr/sbin/sendmail.sendmail exit=0 fsgid=51 fsuid=51 gid=51 items=0 >path=/var/spool/clientmqueue pid=21790 scontext=system_u:system_r:fail2ban_t:s0 >sgid=51 subj=system_u:system_r:fail2ban_t:s0 suid=51 tclass=dir >tcontext=system_u:object_r:mqueue_spool_t:s0 tty=(none) uid=51 > > >Summary > SELinux is preventing /usr/sbin/sendmail.sendmail (fail2ban_t) "getattr" to > /var/spool (var_spool_t). > >Detailed Description > SELinux denied access requested by /usr/sbin/sendmail.sendmail. It is not > expected that this access is required by /usr/sbin/sendmail.sendmail and > this access may signal an intrusion attempt. It is also possible that the > specific version or configuration of the application is causing it to > require additional access. > >Allowing Access > Sometimes labeling problems can cause SELinux denials. You could try to > restore the default system file context for /var/spool, restorecon -v > /var/spool If this does not work, there is currently no automatic way to > allow this access. Instead, you can generate a local policy module to allow > this access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 > Or you can disable SELinux protection altogether. Disabling SELinux > protection is not recommended. Please file a > http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package. > >Additional Information > >Source Context system_u:system_r:fail2ban_t:s0 >Target Context system_u:object_r:var_spool_t:s0 >Target Objects /var/spool [ dir ] >Affected RPM Packages sendmail-8.14.2-1.fc8 > [application]filesystem-2.4.11-1.fc8 [target] >Policy RPM selinux-policy-3.0.8-74.fc8 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Permissive >Plugin Name plugins.catchall_file >Host Name attic4 >Platform Linux attic4 2.6.23.9-85.fc8 #1 SMP Fri Dec 7 > 15:49:36 EST 2007 x86_64 x86_64 >Alert Count 1 >First Seen Sat 19 Jan 2008 12:07:05 AM EST >Last Seen Sat 19 Jan 2008 12:07:05 AM EST >Local ID 216c1dcb-7f76-4f15-a887-29c99efc6a18 >Line Numbers > >Raw Audit Messages > >avc: denied { getattr } for comm=sendmail dev=sda15 egid=51 euid=51 >exe=/usr/sbin/sendmail.sendmail exit=0 fsgid=51 fsuid=51 gid=51 items=0 >path=/var/spool pid=21790 scontext=system_u:system_r:fail2ban_t:s0 sgid=51 >subj=system_u:system_r:fail2ban_t:s0 suid=51 tclass=dir >tcontext=system_u:object_r:var_spool_t:s0 tty=(none) uid=51 > > >Summary > SELinux is preventing /usr/sbin/sendmail.sendmail (fail2ban_t) "write" to > <Unknown> (fail2ban_t). > >Detailed Description > SELinux denied access requested by /usr/sbin/sendmail.sendmail. It is not > expected that this access is required by /usr/sbin/sendmail.sendmail and > this access may signal an intrusion attempt. It is also possible that the > specific version or configuration of the application is causing it to > require additional access. > >Allowing Access > You can generate a local policy module to allow this access - see > http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable > SELinux protection altogether. Disabling SELinux protection is not > recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi > against this package. > >Additional Information > >Source Context system_u:system_r:fail2ban_t:s0 >Target Context system_u:system_r:fail2ban_t:s0 >Target Objects None [ udp_socket ] >Affected RPM Packages sendmail-8.14.2-1.fc8 [application] >Policy RPM selinux-policy-3.0.8-74.fc8 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Permissive >Plugin Name plugins.catchall >Host Name attic4 >Platform Linux attic4 2.6.23.9-85.fc8 #1 SMP Fri Dec 7 > 15:49:36 EST 2007 x86_64 x86_64 >Alert Count 1 >First Seen Sat 19 Jan 2008 12:07:05 AM EST >Last Seen Sat 19 Jan 2008 12:07:05 AM EST >Local ID 63674252-ed4c-458e-a574-e6cd655a0d10 >Line Numbers > >Raw Audit Messages > >avc: denied { write } for comm=sendmail egid=51 euid=51 >exe=/usr/sbin/sendmail.sendmail exit=26 fsgid=51 fsuid=51 gid=51 items=0 >pid=21790 scontext=system_u:system_r:fail2ban_t:s0 sgid=51 >subj=system_u:system_r:fail2ban_t:s0 suid=51 tclass=udp_socket >tcontext=system_u:system_r:fail2ban_t:s0 tty=(none) uid=51 > > >Summary > SELinux is preventing /usr/sbin/sendmail.sendmail (fail2ban_t) "read" to > <Unknown> (fail2ban_t). > >Detailed Description > SELinux denied access requested by /usr/sbin/sendmail.sendmail. It is not > expected that this access is required by /usr/sbin/sendmail.sendmail and > this access may signal an intrusion attempt. It is also possible that the > specific version or configuration of the application is causing it to > require additional access. > >Allowing Access > You can generate a local policy module to allow this access - see > http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable > SELinux protection altogether. Disabling SELinux protection is not > recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi > against this package. > >Additional Information > >Source Context system_u:system_r:fail2ban_t:s0 >Target Context system_u:system_r:fail2ban_t:s0 >Target Objects None [ udp_socket ] >Affected RPM Packages sendmail-8.14.2-1.fc8 [application] >Policy RPM selinux-policy-3.0.8-74.fc8 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Permissive >Plugin Name plugins.catchall >Host Name attic4 >Platform Linux attic4 2.6.23.9-85.fc8 #1 SMP Fri Dec 7 > 15:49:36 EST 2007 x86_64 x86_64 >Alert Count 1 >First Seen Sat 19 Jan 2008 12:07:05 AM EST >Last Seen Sat 19 Jan 2008 12:07:05 AM EST >Local ID 6670b3eb-f7e9-414f-9c81-2c66fb92b4aa >Line Numbers > >Raw Audit Messages > >avc: denied { read } for comm=sendmail egid=51 euid=51 >exe=/usr/sbin/sendmail.sendmail exit=87 fsgid=51 fsuid=51 gid=51 items=0 >pid=21790 scontext=system_u:system_r:fail2ban_t:s0 sgid=51 >subj=system_u:system_r:fail2ban_t:s0 suid=51 tclass=udp_socket >tcontext=system_u:system_r:fail2ban_t:s0 tty=(none) uid=51 > > >Summary > SELinux is preventing sendmail (fail2ban_t) "getattr" to <Unknown> (fs_t). > >Detailed Description > SELinux denied access requested by sendmail. It is not expected that this > access is required by sendmail and this access may signal an intrusion > attempt. It is also possible that the specific version or configuration of > the application is causing it to require additional access. > >Allowing Access > You can generate a local policy module to allow this access - see > http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable > SELinux protection altogether. Disabling SELinux protection is not > recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi > against this package. > >Additional Information > >Source Context system_u:system_r:fail2ban_t:s0 >Target Context system_u:object_r:fs_t:s0 >Target Objects None [ filesystem ] >Affected RPM Packages >Policy RPM selinux-policy-3.0.8-74.fc8 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Permissive >Plugin Name plugins.catchall >Host Name attic4 >Platform Linux attic4 2.6.23.9-85.fc8 #1 SMP Fri Dec 7 > 15:49:36 EST 2007 x86_64 x86_64 >Alert Count 1 >First Seen Sat 19 Jan 2008 12:07:05 AM EST >Last Seen Sat 19 Jan 2008 12:07:05 AM EST >Local ID 2984dc93-a3c4-4d66-a8f4-fe32ec55f75e >Line Numbers > >Raw Audit Messages > >avc: denied { getattr } for comm=sendmail dev=sda15 name=/ pid=21790 >scontext=system_u:system_r:fail2ban_t:s0 tclass=filesystem >tcontext=system_u:object_r:fs_t:s0 > > >Summary > SELinux is preventing sendmail (fail2ban_t) "create" to <Unknown> > (fail2ban_t). > >Detailed Description > SELinux denied access requested by sendmail. It is not expected that this > access is required by sendmail and this access may signal an intrusion > attempt. It is also possible that the specific version or configuration of > the application is causing it to require additional access. > >Allowing Access > You can generate a local policy module to allow this access - see > http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable > SELinux protection altogether. Disabling SELinux protection is not > recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi > against this package. > >Additional Information > >Source Context system_u:system_r:fail2ban_t:s0 >Target Context system_u:system_r:fail2ban_t:s0 >Target Objects None [ unix_dgram_socket ] >Affected RPM Packages >Policy RPM selinux-policy-3.0.8-74.fc8 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Permissive >Plugin Name plugins.catchall >Host Name attic4 >Platform Linux attic4 2.6.23.9-85.fc8 #1 SMP Fri Dec 7 > 15:49:36 EST 2007 x86_64 x86_64 >Alert Count 3 >First Seen Sat 19 Jan 2008 12:07:05 AM EST >Last Seen Sat 19 Jan 2008 12:07:05 AM EST >Local ID fd7a8d00-4b8d-40d9-b006-dc335fd2fd0f >Line Numbers > >Raw Audit Messages > >avc: denied { create } for comm=sendmail pid=21790 >scontext=system_u:system_r:fail2ban_t:s0 tclass=unix_dgram_socket >tcontext=system_u:system_r:fail2ban_t:s0 > > >Summary > SELinux is preventing sendmail (fail2ban_t) "connect" to <Unknown> > (fail2ban_t). > >Detailed Description > SELinux denied access requested by sendmail. It is not expected that this > access is required by sendmail and this access may signal an intrusion > attempt. It is also possible that the specific version or configuration of > the application is causing it to require additional access. > >Allowing Access > You can generate a local policy module to allow this access - see > http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable > SELinux protection altogether. Disabling SELinux protection is not > recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi > against this package. > >Additional Information > >Source Context system_u:system_r:fail2ban_t:s0 >Target Context system_u:system_r:fail2ban_t:s0 >Target Objects None [ tcp_socket ] >Affected RPM Packages >Policy RPM selinux-policy-3.0.8-74.fc8 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Permissive >Plugin Name plugins.catchall >Host Name attic4 >Platform Linux attic4 2.6.23.9-85.fc8 #1 SMP Fri Dec 7 > 15:49:36 EST 2007 x86_64 x86_64 >Alert Count 2 >First Seen Sat 19 Jan 2008 12:07:05 AM EST >Last Seen Sat 19 Jan 2008 12:07:05 AM EST >Local ID 28afe73d-39b8-4a0c-8d39-fb000f284617 >Line Numbers > >Raw Audit Messages > >avc: denied { connect } for comm=sendmail pid=21790 >scontext=system_u:system_r:fail2ban_t:s0 tclass=tcp_socket >tcontext=system_u:system_r:fail2ban_t:s0 > > >Summary > SELinux is preventing sendmail (fail2ban_t) "write" to socket (fail2ban_t). > >Detailed Description > SELinux denied access requested by sendmail. It is not expected that this > access is required by sendmail and this access may signal an intrusion > attempt. It is also possible that the specific version or configuration of > the application is causing it to require additional access. > >Allowing Access > You can generate a local policy module to allow this access - see > http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable > SELinux protection altogether. Disabling SELinux protection is not > recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi > against this package. > >Additional Information > >Source Context system_u:system_r:fail2ban_t:s0 >Target Context system_u:system_r:fail2ban_t:s0 >Target Objects socket [ tcp_socket ] >Affected RPM Packages >Policy RPM selinux-policy-3.0.8-74.fc8 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Permissive >Plugin Name plugins.catchall >Host Name attic4 >Platform Linux attic4 2.6.23.9-85.fc8 #1 SMP Fri Dec 7 > 15:49:36 EST 2007 x86_64 x86_64 >Alert Count 1 >First Seen Sat 19 Jan 2008 12:07:05 AM EST >Last Seen Sat 19 Jan 2008 12:07:05 AM EST >Local ID 3415c8bc-0fc0-4a40-ada1-a76f57c3df3c >Line Numbers > >Raw Audit Messages > >avc: denied { write } for comm=sendmail dev=sockfs path=socket:[135438] >pid=21790 scontext=system_u:system_r:fail2ban_t:s0 tclass=tcp_socket >tcontext=system_u:system_r:fail2ban_t:s0 > > >Summary > SELinux is preventing sendmail (fail2ban_t) "remove_name" to <Unknown> > (mqueue_spool_t). > >Detailed Description > SELinux denied access requested by sendmail. It is not expected that this > access is required by sendmail and this access may signal an intrusion > attempt. It is also possible that the specific version or configuration of > the application is causing it to require additional access. > >Allowing Access > Sometimes labeling problems can cause SELinux denials. You could try to > restore the default system file context for <Unknown>, restorecon -v > <Unknown> If this does not work, there is currently no automatic way to > allow this access. Instead, you can generate a local policy module to allow > this access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 > Or you can disable SELinux protection altogether. Disabling SELinux > protection is not recommended. Please file a > http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package. > >Additional Information > >Source Context system_u:system_r:fail2ban_t:s0 >Target Context system_u:object_r:mqueue_spool_t:s0 >Target Objects None [ dir ] >Affected RPM Packages >Policy RPM selinux-policy-3.0.8-74.fc8 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Permissive >Plugin Name plugins.catchall_file >Host Name attic4 >Platform Linux attic4 2.6.23.9-85.fc8 #1 SMP Fri Dec 7 > 15:49:36 EST 2007 x86_64 x86_64 >Alert Count 1 >First Seen Sat 19 Jan 2008 12:07:05 AM EST >Last Seen Sat 19 Jan 2008 12:07:05 AM EST >Local ID 7ab7c095-a603-4568-8f46-f33c23a378e3 >Line Numbers > >Raw Audit Messages > >avc: denied { remove_name } for comm=sendmail dev=sda15 name=dfm0J575Hi021790 >pid=21790 scontext=system_u:system_r:fail2ban_t:s0 tclass=dir >tcontext=system_u:object_r:mqueue_spool_t:s0 > > >Summary > SELinux is preventing fail2ban-server (fail2ban_t) "connectto" to <Unknown> > (initrc_t). > >Detailed Description > SELinux denied access requested by fail2ban-server. It is not expected that > this access is required by fail2ban-server and this access may signal an > intrusion attempt. It is also possible that the specific version or > configuration of the application is causing it to require additional access. > >Allowing Access > You can generate a local policy module to allow this access - see > http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable > SELinux protection altogether. Disabling SELinux protection is not > recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi > against this package. > >Additional Information > >Source Context system_u:system_r:fail2ban_t:s0 >Target Context system_u:system_r:initrc_t:s0 >Target Objects None [ unix_stream_socket ] >Affected RPM Packages >Policy RPM selinux-policy-3.0.8-74.fc8 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Permissive >Plugin Name plugins.catchall >Host Name attic4 >Platform Linux attic4 2.6.23.9-85.fc8 #1 SMP Fri Dec 7 > 15:49:36 EST 2007 x86_64 x86_64 >Alert Count 1 >First Seen Sat 19 Jan 2008 12:07:05 AM EST >Last Seen Sat 19 Jan 2008 12:07:05 AM EST >Local ID a43b8a4b-1bc1-481f-9690-1ed393cd5868 >Line Numbers > >Raw Audit Messages > >avc: denied { connectto } for comm=fail2ban-server egid=0 euid=0 >exe=/usr/bin/python exit=0 fsgid=0 fsuid=0 gid=0 items=0 path=002F746D702F66616D >2D726F6F742D00000000000000000000000000000000000000000000000000000000000000000000 >00000000000000000000000000000000000000000000000000000000000000000000000000000000 >00000000000000000000000000000000000000 pid=21751 >scontext=system_u:system_r:fail2ban_t:s0 sgid=0 >subj=system_u:system_r:fail2ban_t:s0 suid=0 tclass=unix_stream_socket >tcontext=system_u:system_r:initrc_t:s0 tty=(none) uid=0 > > >Summary > SELinux is preventing /sbin/iptables (iptables_t) "read write" to socket > (fail2ban_t). > >Detailed Description > SELinux denied access requested by /sbin/iptables. It is not expected that > this access is required by /sbin/iptables and this access may signal an > intrusion attempt. It is also possible that the specific version or > configuration of the application is causing it to require additional access. > >Allowing Access > You can generate a local policy module to allow this access - see > http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable > SELinux protection altogether. Disabling SELinux protection is not > recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi > against this package. > >Additional Information > >Source Context system_u:system_r:iptables_t:s0 >Target Context system_u:system_r:fail2ban_t:s0 >Target Objects socket [ unix_stream_socket ] >Affected RPM Packages iptables-1.3.8-6.fc8 [application] >Policy RPM selinux-policy-3.0.8-74.fc8 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Permissive >Plugin Name plugins.catchall >Host Name attic4 >Platform Linux attic4 2.6.23.9-85.fc8 #1 SMP Fri Dec 7 > 15:49:36 EST 2007 x86_64 x86_64 >Alert Count 1 >First Seen Sat 19 Jan 2008 12:07:05 AM EST >Last Seen Sat 19 Jan 2008 12:07:05 AM EST >Local ID 6641a7bb-0b88-427c-bebb-f5ace653105e >Line Numbers > >Raw Audit Messages > >avc: denied { read write } for comm=iptables dev=sockfs egid=0 euid=0 >exe=/sbin/iptables exit=0 fsgid=0 fsuid=0 gid=0 items=0 path=socket:[135337] >pid=21786 scontext=system_u:system_r:iptables_t:s0 sgid=0 >subj=system_u:system_r:iptables_t:s0 suid=0 tclass=unix_stream_socket >tcontext=system_u:system_r:fail2ban_t:s0 tty=(none) uid=0 > > >Summary > SELinux is preventing the fail2ban-server from using potentially mislabeled > files (<Unknown>). > >Detailed Description > SELinux has denied fail2ban-server access to potentially mislabeled file(s) > (<Unknown>). This means that SELinux will not allow fail2ban-server to use > these files. It is common for users to edit files in their home directory > or tmp directories and then move (mv) them to system directories. The > problem is that the files end up with the wrong file context which confined > applications are not allowed to access. > >Allowing Access > If you want fail2ban-server to access this files, you need to relabel them > using restorecon -v <Unknown>. You might want to relabel the entire > directory using restorecon -R -v <Unknown>. > >Additional Information > >Source Context system_u:system_r:fail2ban_t:s0 >Target Context system_u:object_r:tmp_t:s0 >Target Objects None [ dir ] >Affected RPM Packages >Policy RPM selinux-policy-3.0.8-74.fc8 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Permissive >Plugin Name plugins.home_tmp_bad_labels >Host Name attic4 >Platform Linux attic4 2.6.23.9-85.fc8 #1 SMP Fri Dec 7 > 15:49:36 EST 2007 x86_64 x86_64 >Alert Count 0 >First Seen Sat 19 Jan 2008 12:07:04 AM EST >Last Seen Sat 19 Jan 2008 12:07:04 AM EST >Local ID e45ffc6a-cc53-4a69-917e-d85741f78ecd >Line Numbers > >Raw Audit Messages > >avc: denied { search } for comm=fail2ban-server dev=sda15 egid=0 euid=0 >exe=/usr/bin/python exit=-2 fsgid=0 fsuid=0 gid=0 items=0 name=tmp pid=21746 >scontext=system_u:system_r:fail2ban_t:s0 sgid=0 >subj=system_u:system_r:fail2ban_t:s0 suid=0 tclass=dir >tcontext=system_u:object_r:tmp_t:s0 tty=(none) uid=0 > > >Summary > SELinux is preventing the fail2ban-server from using potentially mislabeled > files (<Unknown>). > >Detailed Description > SELinux has denied fail2ban-server access to potentially mislabeled file(s) > (<Unknown>). This means that SELinux will not allow fail2ban-server to use > these files. It is common for users to edit files in their home directory > or tmp directories and then move (mv) them to system directories. The > problem is that the files end up with the wrong file context which confined > applications are not allowed to access. > >Allowing Access > If you want fail2ban-server to access this files, you need to relabel them > using restorecon -v <Unknown>. You might want to relabel the entire > directory using restorecon -R -v <Unknown>. > >Additional Information > >Source Context system_u:system_r:fail2ban_t:s0 >Target Context system_u:object_r:tmp_t:s0 >Target Objects None [ dir ] >Affected RPM Packages >Policy RPM selinux-policy-3.0.8-74.fc8 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Permissive >Plugin Name plugins.home_tmp_bad_labels >Host Name attic4 >Platform Linux attic4 2.6.23.9-85.fc8 #1 SMP Fri Dec 7 > 15:49:36 EST 2007 x86_64 x86_64 >Alert Count 1 >First Seen Sat 19 Jan 2008 12:07:04 AM EST >Last Seen Sat 19 Jan 2008 12:07:04 AM EST >Local ID b2958621-f55f-4743-948b-54f08ea03356 >Line Numbers > >Raw Audit Messages > >avc: denied { write } for comm=fail2ban-server dev=sda15 name=tmp pid=21746 >scontext=system_u:system_r:fail2ban_t:s0 tclass=dir >tcontext=system_u:object_r:tmp_t:s0 > > >Summary > SELinux is preventing /usr/sbin/sendmail.sendmail (sendmail_t) "read write" > to socket (initrc_t). > >Detailed Description > SELinux denied access requested by /usr/sbin/sendmail.sendmail. It is not > expected that this access is required by /usr/sbin/sendmail.sendmail and > this access may signal an intrusion attempt. It is also possible that the > specific version or configuration of the application is causing it to > require additional access. > >Allowing Access > You can generate a local policy module to allow this access - see > http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable > SELinux protection altogether. Disabling SELinux protection is not > recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi > against this package. > >Additional Information > >Source Context system_u:system_r:sendmail_t:s0 >Target Context system_u:system_r:initrc_t:s0 >Target Objects socket [ unix_stream_socket ] >Affected RPM Packages sendmail-8.14.2-1.fc8 [application] >Policy RPM selinux-policy-3.0.8-74.fc8 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Permissive >Plugin Name plugins.catchall >Host Name attic4 >Platform Linux attic4 2.6.23.9-85.fc8 #1 SMP Fri Dec 7 > 15:49:36 EST 2007 x86_64 x86_64 >Alert Count 16 >First Seen Wed 02 Jan 2008 11:49:40 PM EST >Last Seen Sat 19 Jan 2008 12:07:03 AM EST >Local ID c1432632-d017-45f7-adc4-f983ceb3e9e8 >Line Numbers > >Raw Audit Messages > >avc: denied { read write } for comm=sendmail dev=sockfs egid=51 euid=0 >exe=/usr/sbin/sendmail.sendmail exit=0 fsgid=51 fsuid=0 gid=0 items=0 >path=socket:[81342] pid=21728 scontext=system_u:system_r:sendmail_t:s0 sgid=51 >subj=system_u:system_r:sendmail_t:s0 suid=0 tclass=unix_stream_socket >tcontext=system_u:system_r:initrc_t:s0 tty=(none) uid=0 > > >Summary > SELinux is preventing /usr/sbin/sendmail.sendmail (sendmail_t) "append" to > /var/log/fail2ban.log (fail2ban_log_t). > >Detailed Description > SELinux denied access requested by /usr/sbin/sendmail.sendmail. It is not > expected that this access is required by /usr/sbin/sendmail.sendmail and > this access may signal an intrusion attempt. It is also possible that the > specific version or configuration of the application is causing it to > require additional access. > >Allowing Access > Sometimes labeling problems can cause SELinux denials. You could try to > restore the default system file context for /var/log/fail2ban.log, > restorecon -v /var/log/fail2ban.log If this does not work, there is > currently no automatic way to allow this access. Instead, you can generate > a local policy module to allow this access - see > http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable > SELinux protection altogether. Disabling SELinux protection is not > recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi > against this package. > >Additional Information > >Source Context system_u:system_r:sendmail_t:s0 >Target Context system_u:object_r:fail2ban_log_t:s0 >Target Objects /var/log/fail2ban.log [ file ] >Affected RPM Packages sendmail-8.14.2-1.fc8 [application] >Policy RPM selinux-policy-3.0.8-73.fc8 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Permissive >Plugin Name plugins.catchall_file >Host Name attic4 >Platform Linux attic4 2.6.23.9-85.fc8 #1 SMP Fri Dec 7 > 15:49:36 EST 2007 x86_64 x86_64 >Alert Count 5 >First Seen Wed 02 Jan 2008 11:54:35 PM EST >Last Seen Tue 15 Jan 2008 11:13:17 PM EST >Local ID e5f6c14a-a8b9-41a6-a34c-f3695f03bfef >Line Numbers > >Raw Audit Messages > >avc: denied { append } for comm=sendmail dev=sda15 egid=51 euid=0 >exe=/usr/sbin/sendmail.sendmail exit=0 fsgid=51 fsuid=0 gid=0 items=0 >path=/var/log/fail2ban.log pid=2347 scontext=system_u:system_r:sendmail_t:s0 >sgid=51 subj=system_u:system_r:sendmail_t:s0 suid=0 tclass=file >tcontext=system_u:object_r:fail2ban_log_t:s0 tty=(none) uid=0 > > >Summary > SELinux is preventing access to files with the label, file_t. > >Detailed Description > SELinux permission checks on files labeled file_t are being denied. file_t > is the context the SELinux kernel gives to files that do not have a label. > This indicates a serious labeling problem. No files on an SELinux box should > ever be labeled file_t. If you have just added a new disk drive to the > system you can relabel it using the restorecon command. Otherwise you > should relabel the entire files system. > >Allowing Access > You can execute the following command as root to relabel your computer > system: "touch /.autorelabel; reboot" > >Additional Information > >Source Context system_u:system_r:sshd_t:s0-s0:c0.c1023 >Target Context system_u:object_r:file_t:s0 >Target Objects None [ dir ] >Affected RPM Packages >Policy RPM selinux-policy-3.0.8-73.fc8 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Permissive >Plugin Name plugins.file >Host Name attic4 >Platform Linux attic4 2.6.23.9-85.fc8 #1 SMP Fri Dec 7 > 15:49:36 EST 2007 x86_64 x86_64 >Alert Count 12 >First Seen Sun 06 Jan 2008 02:12:19 PM EST >Last Seen Tue 15 Jan 2008 11:05:53 PM EST >Local ID 235c9d3c-836d-45f2-870b-3e4c051beb87 >Line Numbers > >Raw Audit Messages > >avc: denied { search } for comm=sshd dev=sdb5 name=ian pid=3060 >scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=dir >tcontext=system_u:object_r:file_t:s0 > > >Summary > SELinux is preventing /sbin/iptables (iptables_t) "append" to > /var/log/fail2ban.log (var_log_t). > >Detailed Description > SELinux is preventing /sbin/iptables (iptables_t) "append" to > /var/log/fail2ban.log (var_log_t). The SELinux type var_log_t, is a generic > type for all files in the directory and very few processes (SELinux Domains) > are allowed to write to this SELinux type. This type of denial usual > indicates a mislabeled file. By default a file created in a directory has > the gets the context of the parent directory, but SELinux policy has rules > about the creation of directories, that say if a process running in one > SELinux Domain (D1) creates a file in a directory with a particular SELinux > File Context (F1) the file gets a different File Context (F2). The policy > usually allows the SELinux Domain (D1) the ability to write, unlink, and > append on (F2). But if for some reason a file (/var/log/fail2ban.log) was > created with the wrong context, this domain will be denied. The usual > solution to this problem is to reset the file context on the target file, > restorecon -v /var/log/fail2ban.log. If the file context does not change > from var_log_t, then this is probably a bug in policy. Please file a > http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against the selinux-policy > package. If it does change, you can try your application again to see if it > works. The file context could have been mislabeled by editing the file or > moving the file from a different directory, if the file keeps getting > mislabeled, check the init scripts to see if they are doing something to > mislabel the file. > >Allowing Access > You can attempt to fix file context by executing restorecon -v > /var/log/fail2ban.log > > The following command will allow this access: > restorecon /var/log/fail2ban.log > >Additional Information > >Source Context system_u:system_r:iptables_t:s0 >Target Context system_u:object_r:var_log_t:s0 >Target Objects /var/log/fail2ban.log [ file ] >Affected RPM Packages iptables-1.3.8-6.fc8 [application] >Policy RPM selinux-policy-3.0.8-72.fc8 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Permissive >Plugin Name plugins.mislabeled_file >Host Name attic4 >Platform Linux attic4 2.6.23.9-85.fc8 #1 SMP Fri Dec 7 > 15:49:36 EST 2007 x86_64 x86_64 >Alert Count 1 >First Seen Wed 02 Jan 2008 11:49:40 PM EST >Last Seen Wed 02 Jan 2008 11:49:40 PM EST >Local ID b4dac553-9521-4873-9305-04639ea13fe4 >Line Numbers > >Raw Audit Messages > >avc: denied { append } for comm=iptables dev=sda15 egid=0 euid=0 >exe=/sbin/iptables exit=0 fsgid=0 fsuid=0 gid=0 items=0 >path=/var/log/fail2ban.log pid=3453 scontext=system_u:system_r:iptables_t:s0 >sgid=0 subj=system_u:system_r:iptables_t:s0 suid=0 tclass=file >tcontext=system_u:object_r:var_log_t:s0 tty=(none) uid=0 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=292257">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 425241
: 292257 |
296693
|
298889
|
298890
|
298891