Summary:

SELinux is preventing /usr/sbin/sshd "search" access on /etc/samba.

Detailed Description:

SELinux denied access requested by sshd. It is not expected that this access is required by sshd and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report.

Additional Information:

Source Context                system_u:system_r:sshd_t:s0-s0:c0.c1023
Target Context                system_u:object_r:samba_etc_t:s0
Target Objects                /etc/samba [ dir ]
Source                        sshd
Source Path                   /usr/sbin/sshd
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           openssh-server-5.5p1-23.fc14.2
Target RPM Packages           samba-common-3.5.6-69.fc14
Policy RPM                    selinux-policy-3.9.7-7.fc14
SELinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     (removed)
Platform                      Linux (removed) 2.6.35.6-48.fc14.i686.PAE #1 SMP Fri Oct 22 15:27:53 UTC 2010 i686 i686
Alert Count                   20
First Seen                    Sun 07 Nov 2010 02:32:12 CET
Last Seen                     Thu 11 Nov 2010 21:56:11 CET
Local ID                      8c139fce-9fb8-46ad-8640-b0d7e51f83ee
Line Numbers

Raw Audit Messages

node=(verwijderd) type=AVC msg=audit(1289508971.200:41101): avc: denied { search } for pid=22509 comm="sshd" name="samba" dev=dm-0 ino=61228 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:samba_etc_t:s0 tclass=dir

node=(verwijderd) type=SYSCALL msg=audit(1289508971.200:41101): arch=40000003 syscall=5 success=no exit=-13 a0=b7760870 a1=8000 a2=0 a3=0 items=0 ppid=2072 pid=22509 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)

Hash String generated from catchall,sshd,sshd_t,samba_etc_t,dir,search

audit2allow suggests:

#============= sshd_t ==============
allow sshd_t samba_etc_t:dir search;
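An added example, not part of the original report and not audit2allow's own code: it pairs the AVC and SYSCALL records by audit event ID and derives the same allow rule, along with the executable and syscall result, so a denial can be reviewed before any policy is changed. The sample input is the two raw audit records from the report above; the function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: the two raw audit records quoted in the report above.
SAMPLE = '''node=(verwijderd) type=AVC msg=audit(1289508971.200:41101): avc: denied { search } for pid=22509 comm="sshd" name="samba" dev=dm-0 ino=61228 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:samba_etc_t:s0 tclass=dir
node=(verwijderd) type=SYSCALL msg=audit(1289508971.200:41101): arch=40000003 syscall=5 success=no exit=-13 a0=b7760870 a1=8000 a2=0 a3=0 items=0 ppid=2072 pid=22509 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
'''

EVENT_RE = re.compile(r'type=(\w+) msg=audit\(([\d.]+:\d+)\):')
PERMS_RE = re.compile(r'avc:\s+denied\s+\{([^}]*)\}')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_events(text):
    """Group audit records by event ID (timestamp:serial), keyed by record type."""
    events = defaultdict(dict)
    for line in text.splitlines():
        m = EVENT_RE.search(line)
        if not m:
            continue
        rtype, event_id = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(line[m.end():])}
        if rtype == 'AVC':
            p = PERMS_RE.search(line)
            fields['perms'] = p.group(1).split() if p else []
        events[event_id][rtype] = fields
    return dict(events)

def denials(text):
    """Return one dict per denied AVC: the allow rule plus SYSCALL context."""
    out = []
    for event_id, recs in parse_events(text).items():
        avc = recs.get('AVC')
        if not avc or not avc['perms']:
            continue
        perms = avc['perms']
        perm_s = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
        src = avc['scontext'].split(':')[2]  # context is user:role:type:level
        tgt = avc['tcontext'].split(':')[2]
        sc = recs.get('SYSCALL', {})
        out.append({'event': event_id, 'exe': sc.get('exe'),
                    'exit': int(sc['exit']) if 'exit' in sc else None,
                    'rule': 'allow %s %s:%s %s;' % (src, tgt, avc['tclass'], perm_s)})
    return out

if __name__ == '__main__':
    for d in denials(SAMPLE):
        print(d)
```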
Did you set up ssh and Samba to play together?

Or any chance you were sitting in the /etc/samba directory when you started/restarted the sshd daemon using

/etc/init.d/sshd restart
Or is /etc/samba listed as a homedir in /etc/passwd?
(In reply to comment #2)
> Or is /etc/samba listed as a homedir in /etc/passwd?

No. It is not mentioned in /etc/passwd.
(In reply to comment #1)
> Did you setup ssh and Samba to play together?
>

How can I see that?

> Or any chance you were sitting in /etc/samba directory when you
> started/restarted sshd daemon using
>
> /etc/init.d/sshd restart

I do not think so. I suspect fail2ban is causing this message. No ssh daemon was started, stopped or restarted at the moment of the message. I do not know what further info is needed to solve this issue.
Has it happened again?
Not anymore.
Ok reopen if it happens again.
I'm sorry to report this, but it happened again today... Please let me know what additional info you further need. Note: I can only change the status to "assigned" and not choose it to "reopen".
Is
Can you guys think of any reason sshd would be searching /etc/samba? pam_winbind?
Do you have winbind in /etc/nsswitch.conf or pam_winbind in /etc/pam.d/sshd?
Created attachment 460995 /etc/nsswitch.conf
Created attachment 460996 /etc/pam.d/sshd
Tomas, if winbind was in either of those, it would not be unusual for the login programs to need search. Miroslav, can you modify auth_login_pgm_domain to use files_read_config_files($1) in F13/F14?
Fixed in the current policies.