LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 03-12-2010, 12:15 AM   #16
blacky_5251
Member
 
Registered: Oct 2004
Location: Adelaide Hills, South Australia
Distribution: RHEL 5&6 CentOS 5, 6 & 7
Posts: 573

Rep: Reputation: 61

Perhaps your issue is subtly different, so lets try a different approach

Type this command:-
Code:
grep postfix /var/log/audit.log | audit2allow -M mypostfix2
semodule -i mypostfix2.pp
Lets see how that goes.
 
Old 03-12-2010, 12:19 AM   #17
blacky_5251
Member
 
Registered: Oct 2004
Location: Adelaide Hills, South Australia
Distribution: RHEL 5&6 CentOS 5, 6 & 7
Posts: 573

Rep: Reputation: 61
Sorry, that last command was wrong. Should be:-
Code:
audit2allow -M mypostfix2 < /var/log/audit.log
Followed by the semodule -i command.
 
Old 03-12-2010, 12:19 AM   #18
rjcroasdale
Member
 
Registered: Mar 2010
Posts: 36

Original Poster
Rep: Reputation: 15
Code:
grep postfix /var/log/audit.log | audit2allow -M mypostfix2
grep: /var/log/audit.log: No such file or directory
compilation failed:
mypostfix2.te:7:ERROR 'syntax error' at token '' on line 7:


/usr/bin/checkmodule:  error(s) encountered while parsing configuration
/usr/bin/checkmodule:  loading policy configuration from mypostfix2.te
Code:
semodule -i mypostfix2.pp
semodule:  Could not read file 'mypostfix2.pp': No such file or directory
 
Old 03-12-2010, 12:21 AM   #19
rjcroasdale
Member
 
Registered: Mar 2010
Posts: 36

Original Poster
Rep: Reputation: 15
sorry i'm confused :S

could you run those commands back at me?

Last edited by rjcroasdale; 03-12-2010 at 12:22 AM.
 
Old 03-12-2010, 12:25 AM   #20
blacky_5251
Member
 
Registered: Oct 2004
Location: Adelaide Hills, South Australia
Distribution: RHEL 5&6 CentOS 5, 6 & 7
Posts: 573

Rep: Reputation: 61
Code:
audit2allow -M mypostfix2 < /var/log/audit.log
This creates a new policy file called mypostfix2 based on the audit errors in your log file (/var/log/audit.log). There should be two new files, one called mypostfix2.te and an automatically compiled policy file called mypostfix2.pp.

The audit2allow program uses the audit file to identify the errors you want to allow, creating a policy to allow them rather than reject them.

Then you can run the semodule -i command to implement this new policy:-
Code:
semodule -i mypostfix2.pp
 
Old 03-12-2010, 12:30 AM   #21
rjcroasdale
Member
 
Registered: Mar 2010
Posts: 36

Original Poster
Rep: Reputation: 15
;(

i don't have audit.log

Code:
audit2allow -M mypostfix2 < /var/log/audit.log
-bash: /var/log/audit.log: No such file or directory
 
Old 03-12-2010, 12:33 AM   #22
blacky_5251
Member
 
Registered: Oct 2004
Location: Adelaide Hills, South Australia
Distribution: RHEL 5&6 CentOS 5, 6 & 7
Posts: 573

Rep: Reputation: 61
Bugger. My typing again. Try /var/log/audit/audit.log with the double audit.
 
Old 03-12-2010, 12:40 AM   #23
rjcroasdale
Member
 
Registered: Mar 2010
Posts: 36

Original Poster
Rep: Reputation: 15
looking via filezilla at the ftp, doesn't look like i have that folder either
 
Old 03-12-2010, 12:43 AM   #24
blacky_5251
Member
 
Registered: Oct 2004
Location: Adelaide Hills, South Australia
Distribution: RHEL 5&6 CentOS 5, 6 & 7
Posts: 573

Rep: Reputation: 61
It is only accessible by the root user. Are you logged in as root? If you can't find it, try this command to locate the location of your SELinux log files:-
Code:
find / -name audit.log -print
    or
locate audit.log
I don't have a FC9 machine, but I would have thought the file should be in the directory /var/log/audit.

Last edited by blacky_5251; 03-12-2010 at 12:48 AM.
 
Old 03-12-2010, 12:50 AM   #25
rjcroasdale
Member
 
Registered: Mar 2010
Posts: 36

Original Poster
Rep: Reputation: 15
I dont have an audit.log at all anywhere

Code:
[root@HOSTNAME ~]# find / -name audit.log -print
[root@HOSTNAME ~]# find / -name maillog -print
/var/log/maillog
 
Old 03-12-2010, 12:51 AM   #26
rjcroasdale
Member
 
Registered: Mar 2010
Posts: 36

Original Poster
Rep: Reputation: 15
is that not the "messages" file? where i found these
Code:
Mar 12 06:03:52 HOSTNAME kernel: type=1400 audit(1268373832.566:232533): avc:  denied  { connectto } for  pid=7581 comm="cleanup" path="/var/run/nscd/socket" scontext=unconfined_u:system_r:postfix_cleanup_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket
Mar 12 06:03:52 HOSTNAME kernel: type=1400 audit(1268373832.566:232534): avc:  denied  { connectto } for  pid=7581 comm="cleanup" path="/var/run/nscd/socket" scontext=unconfined_u:system_r:postfix_cleanup_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket
Mar 12 06:03:52 HOSTNAME kernel: type=1400 audit(1268373832.567:232535): avc:  denied  { connectto } for  pid=7581 comm="cleanup" path="/var/run/nscd/socket" scontext=unconfined_u:system_r:postfix_cleanup_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket
Mar 12 06:03:52 HOSTNAME kernel: type=1400 audit(1268373832.567:232536): avc:  denied  { connectto } for  pid=7581 comm="cleanup" path="/var/run/nscd/socket" scontext=unconfined_u:system_r:postfix_cleanup_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket
Mar 12 06:03:52 HOSTNAME kernel: type=1400 audit(1268373832.568:232537): avc:  denied  { read write } for  pid=7581 comm="cleanup" name="unix.cleanup" dev=sda1 ino=8306741 scontext=unconfined_u:system_r:postfix_cleanup_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file
 
Old 03-12-2010, 12:59 AM   #27
blacky_5251
Member
 
Registered: Oct 2004
Location: Adelaide Hills, South Australia
Distribution: RHEL 5&6 CentOS 5, 6 & 7
Posts: 573

Rep: Reputation: 61
Those are errors reported by the kernel, but not the file SELinux error. Here's an example of an audit.log entry from my machine here:-
Code:
type=USER_END msg=audit(1268083802.216:51086): user pid=11884 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023  msg='PAM: session close acct="root" : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
type=USER_ACCT msg=audit(1268083861.885:51087): user pid=11929 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct="root" : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
type=CRED_ACQ msg=audit(1268083861.887:51088): user pid=11929 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct="root" : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
type=LOGIN msg=audit(1268083861.889:51089): login pid=11929 uid=0 old auid=4294967295 new auid=0 old ses=4294967295 newses=9067
type=USER_START msg=audit(1268083861.895:51090): user pid=11929 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct="root" : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
type=CRED_DISP msg=audit(1268083862.212:51091): user pid=11929 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct="root" : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
type=USER_END msg=audit(1268083862.214:51092): user pid=11929 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct="root" : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
type=USER_AUTH msg=audit(1268084098.035:51093): user pid=11948 uid=0 auid=4294967295 subj=system_u:system_r:dovecot_auth_t:s0 msg='PAM: authentication acct="teacosy" : exe="/usr/libexec/dovecot/dovecot-auth" (hostname=::ffff:192.168.2.202,addr=::ffff:192.168.2.202, terminal=dovecot res=success)'
type=USER_ACCT msg=audit(1268084098.049:51094): user pid=11948 uid=0 auid=4294967295 subj=system_u:system_r:dovecot_auth_t:s0 msg='PAM: accounting acct="teacosy" : exe="/usr/libexec/dovecot/dovecot-auth" (hostname=::ffff:192.168.2.202, addr=::ffff:192.168.2.202, terminal=dovecot res=success)'
type=USER_ACCT msg=audit(1268084102.796:51095): user pid=11953 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct="root" : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
type=CRED_ACQ msg=audit(1268084102.798:51096): user pid=11953 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct="root" : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
type=LOGIN msg=audit(1268084102.802:51097): login pid=11953 uid=0 old auid=4294967295 new auid=0 old ses=4294967295 newses=9068
As you can see, these contain more "data" about the errors.

Try scanning your /var/log directory for files that may contain similar errors:-
Code:
grep -l avc /var/log/*
 
Old 03-12-2010, 01:08 AM   #28
rjcroasdale
Member
 
Registered: Mar 2010
Posts: 36

Original Poster
Rep: Reputation: 15
nope, all the avc messages are in messages logfile;

Code:
grep -l avc /var/log/*
/var/log/messages
/var/log/messages-20100214
/var/log/messages-20100221
/var/log/messages-20100228
/var/log/messages-20100307
 
Old 03-12-2010, 01:10 AM   #29
blacky_5251
Member
 
Registered: Oct 2004
Location: Adelaide Hills, South Australia
Distribution: RHEL 5&6 CentOS 5, 6 & 7
Posts: 573

Rep: Reputation: 61
Perhaps there is a subdirectory (other than audit) that is holding them?
Code:
ls -la /var/log | grep drw
 
Old 03-12-2010, 01:11 AM   #30
rjcroasdale
Member
 
Registered: Mar 2010
Posts: 36

Original Poster
Rep: Reputation: 15
I take it selinux is disabling access to;
postfix/cleanup[7581]: fatal: open lock file
pid/unix.cleanup: cannot open file: Permission denied

and thats why i get these errors after it;
Mar 12 06:03:53 HOSTNAME postfix/master[7523]: warning: process
/usr/libexec/postfix/cleanup pid 7581 exit status 1
Mar 12 06:03:53 HOSTNAME postfix/master[7523]: warning:
/usr/libexec/postfix/cleanup: bad command startup -- throttling

and that bugfix we tried was suppost to fix this?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Postfix broke after update, please help! Brandon.Wamboldt Linux - Server 2 12-06-2009 09:41 AM
"../system.h :selinux/selinux.h:no such file or directory" ashmita04 Linux From Scratch 4 02-05-2009 03:36 AM
Postfix: postfix: fatal: chdir(/usr/libexec/postfix) Micro420 Ubuntu 2 07-13-2008 12:21 PM
I think I broke SELinux blanny Linux - Security 1 10-08-2006 12:52 AM
Problem with Postfix and SElinux jc materi Linux - Security 1 06-22-2006 03:02 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 10:40 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration