Bug 852784
| Summary: | Messages not being logged into /var/log/messages (setroubleshootd isn't processing the messages) - SELinux is blocking setroubleshoot | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | John W <unixdeaf> |
| Component: | setroubleshoot | Assignee: | Daniel Walsh <dwalsh> |
| Status: | CLOSED NOTABUG | QA Contact: | BaseOS QE Security Team <qe-baseos-security> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 6.3 | CC: | mgrepl, unixdeaf |
| Target Milestone: | rc | | |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2012-09-27 11:02:21 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |

Description
John W
2012-08-29 15:18:39 UTC
I have fixed the python error in /var/log/messages, however I am following the documentation and I still don't get any sealerts to the messages file. Since this is a fresh RHEL6.3 machine I would think that would be a bug. So please help me find what's causing no sealerts in the messages file still.

Miroslav, didn't we fix this problem?

Just an FYI, I have case 852784 open with support on this as well, so far no fix though.

(In reply to comment #3)
> Miroslav, didn't we fix this problem?

Yes, I believe. I am testing it and I see

```
Sep 11 09:24:07 rhel6 setroubleshoot: SELinux is preventing /usr/bin/runcon from using the transition access on a process. For complete SELinux messages. run sealert -l a7b45d79-31e2-4a7c-9d47-843d6cb26099
```

```
# rpm -qa setroubleshoot*
setroubleshoot-plugins-3.0.40-1.el6.noarch
setroubleshoot-3.0.47-3.el6_3.x86_64
setroubleshoot-server-3.0.47-3.el6_3.x86_64
```

Please advise how you generated the sealerts, because I have attempted to create alerts using vsftpd and the sealert -l message never shows up in messages, and I have the same rpms installed. Please reference my case also.

Are you still seeing the errors in the log files with the same packages?

Looking at this more closely, is there something wrong with your rpm database? Maybe you will need to rebuild your rpm database.

Support already had me rebuild my rpm database and still same results. I will post the current error messages when I get back home Thursday.

Here are the most recent messages after generating an SELinux denial using vsftpd.

OK, so the tail -f /var/log/messages still returned nothing to me; nothing was logged to var log messages. The grep AVC audit.log|sedispatch returned a bunch of these:

```
Got Reply: AVC
```

Then I tested with ftp to my home dir and here are the results I got in the messages file:

```
Sep 7 08:27:52 server vsftpd[2620]: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=client user=root
Sep 7 08:28:11 server setroubleshoot: [program.ERROR] failed to get filesystem list from rpm#012Traceback (most recent call last):#012 File "/usr/lib64/python2.6/site-packages/setroubleshoot/util.py", line 238, in get_standard_directories#012 h = ts.dbMatch("name", "filesystem").next()#012error: rpmdb open failed
Sep 7 08:28:11 server setroubleshoot: [program.ERROR] failed to get filesystem list from rpm#012Traceback (most recent call last):#012 File "/usr/lib64/python2.6/site-packages/setroubleshoot/util.py", line 238, in get_standard_directories#012 h = ts.dbMatch("name", "filesystem").next()#012error: rpmdb open failed
Sep 7 08:28:16 server sedispatch: AVC Message for setroubleshoot, dropping message
Sep 7 08:28:16 server sedispatch: AVC Message for setroubleshoot, dropping message
```

In the audit file:

```
type=AVC msg=audit(1347020890.603:101): avc: denied { search } for pid=2632 comm="vsftpd" name="home" dev=dm-0 ino=913925 scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:home_root_t:s0 tclass=dir
type=SYSCALL msg=audit(1347020890.603:101): arch=c000003e syscall=80 success=no exit=-13 a0=7f9739983490 a1=1f4 a2=0 a3=7fffcffd8e60 items=0 ppid=2627 pid=2632 auid=4294967295 uid=0 gid=0 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=4294967295 comm="vsftpd" exe="/usr/sbin/vsftpd" subj=system_u:system_r:ftpd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1347020892.294:102): avc: denied { write } for pid=2634 comm="setroubleshootd" name="plugins" dev=dm-0 ino=420591 scontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usr_t:s0 tclass=dir
type=SYSCALL msg=audit(1347020892.294:102): arch=c000003e syscall=87 success=no exit=-13 a0=7fff8477bf20 a1=7f7309a39fe7 a2=5049e6fa a3=3dcf5b9600 items=0 ppid=1 pid=2634 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="setroubleshootd" exe="/usr/bin/python" subj=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 key=(null)
```

setroubleshoot is complaining about python compiles in /usr/share/setroubleshoot/plugins. You just run

```
python /usr/share/setroubleshoot/plugins/*py
```

That should fix that problem.
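
The triage this thread arrives at, as an added example that is not part of the original bug report or of setroubleshoot: it parses the two AVC records quoted above and separates the denial raised by setroubleshootd itself (the write to the plugins directory) from the vsftpd denial the reporter expected an alert for. The function names are hypothetical, and it is an assumption of the example that the sedispatch "dropping message" lines correspond to denials whose source type is setroubleshootd_t.

```python
import re

# The two AVC records quoted in the thread (SYSCALL records left out).
AUDIT_LOG = """\
type=AVC msg=audit(1347020890.603:101): avc: denied { search } for pid=2632 comm="vsftpd" name="home" dev=dm-0 ino=913925 scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:home_root_t:s0 tclass=dir
type=AVC msg=audit(1347020892.294:102): avc: denied { write } for pid=2634 comm="setroubleshootd" name="plugins" dev=dm-0 ino=420591 scontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usr_t:s0 tclass=dir
"""

AVC_RE = re.compile(
    r"type=AVC msg=audit\([\d.]+:(?P<serial>\d+)\): avc:\s+denied\s+"
    r"\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def selinux_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None

def parse_avc(line):
    """Parse one AVC denial into a dict; return None for any other record."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    return {
        "serial": int(m.group("serial")),
        "perms": m.group("perms").split(),
        "comm": fields.get("comm"),
        "name": fields.get("name"),
        "source": selinux_type(fields.get("scontext", "")),
        "target": selinux_type(fields.get("tcontext", "")),
        "tclass": fields.get("tclass"),
    }

def triage(log_text, analyzer_domain="setroubleshootd_t"):
    """Split denials into those raised by the analyzer itself and all others."""
    # Assumption: denials from analyzer_domain are the ones sedispatch drops.
    own, others = [], []
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is not None:
            (own if rec["source"] == analyzer_domain else others).append(rec)
    return own, others

if __name__ == "__main__":
    for label, recs in zip(("setroubleshootd itself:", "other domains:"), triage(AUDIT_LOG)):
        for r in recs:
            print(label, r["serial"], r["source"], r["perms"], r["tclass"], r["name"], r["target"])
```

A non-empty first list means the analysis daemon is itself being denied, so missing alerts for other services should be investigated there first.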