Yeah, like siddhv said, it's the fancy tool that tells you what the SELinux finding is and potentially how to fix it in paragraph form.
If you're using RHEL you have to disable SELinux this way:
in /etc/sysconfig/selinux to SELINUX=disabled and then reboot.
Normally you can go from Enforcing to Permissive without rebooting but you have to reboot to disable completely. I'd try what siddhv said first so maybe SELinux can at least run/alarm you in permissive mode if you're trying to learn the policies/mess with it.
Distribution: Red Hat, Scientific Linux, CentOS, and Ubuntu
You don't need to disable SELinux to fix this!
If you don't use setroubleshoot, just remove it, like this:
yum remove setroubleshoot*
SELinux will continue to work just fine without it, but you'll have to look at the logs and manually figure out what's going on if you have a problem with SELinux configuration.
I am no security expert, but I would look into the reason why setroubleshootd is using so much CPU and memory instead of just uninstalling it. I have been using a RHEL-based distribution for years and never had a problem with it; therefore uninstalling it because it signals some trouble is not good advice in my opinion. I will write down my experience since it might be useful to someone else having this same trouble:
Well, I got here since my Apache server got hacked. I cleaned a backdoor left in a PHP file and cleaned a process that was using most of the CPU, called " 9912 apache 20 0 564m 17m 632 S 599.3 0.0 50:11.07 .syslogs " left in "/proc/6823/exe -> /var/tmp/.tmp/.syslogs", yet setroubleshootd was still using 100% of one CPU and using 5 GB of RAM.
I checked /var/log/audit/audit.log to see the reason of such activity and found high activity in the logs, endless attempts of some SELinux security violations.
I checked the user and it was apache, and checked on the user's activity, since it could be an indicator of some wrong permissions in some files the server tried to access or something worse:
I turned down httpd and the processes listed below remained:
apache 16487 0.0 0.0 100924 572 ? S 14:41 0:00 sleep 1
apache 16492 0.0 0.0 108224 1368 ? S 14:41 0:00 sh
apache 16534 0.0 0.0 100924 576 ? S 14:41 0:00 sleep 1
apache 25112 0.0 0.0 4120 3296 ? Ss May06 1:57 /usr/libexec/kextd
apache 25119 0.0 0.0 4120 112 ? S May06 0:18 /usr/sbin/notifyd
apache running kextd, which I found is a kernel extension server, and sh looked very suspicious to me, and I killed the processes with "pkill -u apache" and everything went back to normal. I did update PHP and got some other security measures in hope that this issue doesn't repeat. Yet, I would definitely look into why setroubleshootd is using so much CPU since setroubleshoot is used to diagnose SELinux denials and it might be signalling you some real trouble.
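The triage described in the post above (reading /var/log/audit/audit.log to find which process is generating the denials that keep setroubleshootd busy) can be scripted. This is an added example, not part of any post in the thread: the sample records are constructed, and the `expected` allowlist of command names for the httpd_t domain is an assumption to adjust per server.

```python
import re
from collections import Counter

# Constructed sample in audit.log format; only pid 9912 and the exe path echo the post.
SAMPLE = '''\
type=AVC msg=audit(1400000001.101:501): avc:  denied  { name_connect } for  pid=9912 comm=".syslogs" dest=9999 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1400000001.101:501): syscall=42 success=no uid=48 comm=".syslogs" exe="/var/tmp/.tmp/.syslogs"
type=AVC msg=audit(1400000001.350:502): avc:  denied  { name_connect } for  pid=9912 comm=".syslogs" dest=9999 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1400000002.007:503): avc:  denied  { name_connect } for  pid=9912 comm=".syslogs" dest=9999 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1400000002.410:504): avc:  denied  { execute } for  pid=16492 comm="sh" name="x" dev=dm-0 ino=131 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=file
type=AVC msg=audit(1400000003.900:505): avc:  denied  { read } for  pid=2210 comm="httpd" name="index.html" dev=dm-0 ino=200 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
'''
SAMPLE_LINES = SAMPLE.splitlines()

AVC = re.compile(r'type=AVC msg=audit\((?P<ts>\d+)\.\d+:\d+\): avc:\s+denied\s+'
                 r'\{ (?P<perms>[^}]*) \} for\s+(?P<fields>.*)')
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for one AVC denial, or None for any other record type."""
    m = AVC.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV.findall(m.group('fields'))}
    rec['perms'] = ' '.join(m.group('perms').split())
    rec['ts'] = int(m.group('ts'))
    parts = rec.get('scontext', '').split(':')   # user:role:type:level
    rec['domain'] = parts[2] if len(parts) > 2 else '?'
    return rec

def summarise(lines):
    """Count denials per (source domain, command, object class, permission)."""
    recs = filter(None, map(parse_avc, lines))
    return Counter((r['domain'], r.get('comm', '?'), r.get('tclass', '?'),
                    r['perms']) for r in recs).most_common()

def unexpected_comms(lines, domain='httpd_t', expected=('httpd',)):
    """Commands denied inside `domain` that are not on the (assumed) allowlist."""
    recs = filter(None, map(parse_avc, lines))
    return Counter(r['comm'] for r in recs
                   if r['domain'] == domain and r.get('comm') not in expected)

if __name__ == '__main__':
    for key, n in summarise(SAMPLE_LINES):
        print(n, *key)
    print('not httpd but running as httpd_t:', dict(unexpected_comms(SAMPLE_LINES)))
```

On a real host, pass the lines of /var/log/audit/audit.log instead of `SAMPLE_LINES`; a single command name dominating the counts under the web server's domain is the pattern the post describes.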