[CentOS-de] cracklib

Oliver Hausmann oliver.hausmann at securepoint.de
Do Jun 28 07:04:16 EDT 2012


Schau mal hier:

avc:  denied  { search } for pid=11198 comm="httpd" name="cracklib" 
dev=dm-0 ino=525364
scontext=unconfined_u:system_r:httpd_t:s0 
tcontext=system_u:object_r:crack_db_t:s0 tclass=dir

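SELinux verhindert den Zugriff auf das Verzeichnis. Mach mal restorecon 
-R auf /usr/share/cracklib. Laut tcontext trägt das Verzeichnis allerdings 
schon crack_db_t; falls das bereits das Standardlabel ist, ändert 
restorecon nichts, und es fehlt schlicht eine Regel, die httpd_t den 
Zugriff auf crack_db_t erlaubt.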

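Eventuell macht es Sinn, sich in dem Zusammenhang mal audit2allow 
anzuschauen. Die erzeugten Regeln aber vor dem Laden durchlesen und nur 
die cracklib-Zugriffe übernehmen, statt alle httpd-Meldungen aus dem Log 
pauschal zu erlauben; für die Verbindungen auf Port 3306 gibt es z. B. 
schon das Boolean httpd_can_network_connect_db.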

Gruß

Oliver


Am 2012-06-28 12:41, schrieb Oliver Wiemer:
> Klaro kann ich das!!
>
> [root at cleopatra httpd]# cat /var/log/audit/audit.log|grep httpd
> type=AVC msg=audit(1339427485.351:562): avc:  denied  { read } for
> pid=17435 comm="vsftpd" name="gfk" dev=dm-0 ino=672776
> scontext=unconfined_u:system_r:ftpd_t:s0-s0:c0.c1023
> tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir
> type=AVC msg=audit(1339427508.385:563): avc:  denied  { read } for
> pid=17435 comm="vsftpd" name="gfk" dev=dm-0 ino=672776
> scontext=unconfined_u:system_r:ftpd_t:s0-s0:c0.c1023
> tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir
> type=AVC msg=audit(1340670559.576:1882): avc:  denied  { search } for
> pid=30336 comm="httpd" name="oliver" dev=dm-0 ino=267832
> scontext=unconfined_u:system_r:httpd_t:s0
> tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir
> type=SYSCALL msg=audit(1340670559.576:1882): arch=c000003e syscall=2
> success=no exit=-13 a0=7f9467081610 a1=0 a2=0 a3=6c75646f6d2f6172 
> items=0
> ppid=1 pid=30336 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 
> sgid=0
> fsgid=0 tty=(none) ses=61 comm="httpd" exe="/usr/sbin/httpd"
> subj=unconfined_u:system_r:httpd_t:s0 key=(null)
> type=AVC msg=audit(1340670741.070:1883): avc:  denied  { search } for
> pid=30387 comm="httpd" name="oliver" dev=dm-0 ino=267832
> scontext=unconfined_u:system_r:httpd_t:s0
> tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir
> type=SYSCALL msg=audit(1340670741.070:1883): arch=c000003e syscall=2
> success=no exit=-13 a0=7f7211b68610 a1=0 a2=0 a3=6c75646f6d2f6172 
> items=0
> ppid=1 pid=30387 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 
> sgid=0
> fsgid=0 tty=(none) ses=61 comm="httpd" exe="/usr/sbin/httpd"
> subj=unconfined_u:system_r:httpd_t:s0 key=(null)
> type=AVC msg=audit(1340671727.774:1890): avc:  denied  { name_connect 
> }
> for  pid=30496 comm="httpd" dest=3306
> scontext=unconfined_u:system_r:httpd_t:s0
> tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
> type=SYSCALL msg=audit(1340671727.774:1890): arch=c000003e syscall=42
> success=no exit=-13 a0=e a1=7fff96b044d0 a2=10 a3=e items=0 
> ppid=30493
> pid=30496 auid=500 uid=48 gid=500 euid=48 suid=48 fsuid=48 egid=500
> sgid=500 fsgid=500 tty=(none) ses=61 comm="httpd" 
> exe="/usr/sbin/httpd"
> subj=unconfined_u:system_r:httpd_t:s0 key=(null)
> type=AVC msg=audit(1340671728.775:1891): avc:  denied  { name_connect 
> }
> for  pid=30496 comm="httpd" dest=3306
> scontext=unconfined_u:system_r:httpd_t:s0
> tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
> type=SYSCALL msg=audit(1340671728.775:1891): arch=c000003e syscall=42
> success=no exit=-13 a0=e a1=7fff96b044d0 a2=10 a3=e items=0 
> ppid=30493
> pid=30496 auid=500 uid=48 gid=500 euid=48 suid=48 fsuid=48 egid=500
> sgid=500 fsgid=500 tty=(none) ses=61 comm="httpd" 
> exe="/usr/sbin/httpd"
> subj=unconfined_u:system_r:httpd_t:s0 key=(null)
> type=AVC msg=audit(1340672178.165:1892): avc:  denied  { name_connect 
> }
> for  pid=30499 comm="httpd" dest=3306
> scontext=unconfined_u:system_r:httpd_t:s0
> tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
> type=SYSCALL msg=audit(1340672178.165:1892): arch=c000003e syscall=42
> success=no exit=-13 a0=e a1=7fff96b044d0 a2=10 a3=e items=0 
> ppid=30493
> pid=30499 auid=500 uid=48 gid=500 euid=48 suid=48 fsuid=48 egid=500
> sgid=500 fsgid=500 tty=(none) ses=61 comm="httpd" 
> exe="/usr/sbin/httpd"
> subj=unconfined_u:system_r:httpd_t:s0 key=(null)
> type=AVC msg=audit(1340672179.166:1893): avc:  denied  { name_connect 
> }
> for  pid=30499 comm="httpd" dest=3306
> scontext=unconfined_u:system_r:httpd_t:s0
> tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
> type=SYSCALL msg=audit(1340672179.166:1893): arch=c000003e syscall=42
> success=no exit=-13 a0=e a1=7fff96b044d0 a2=10 a3=e items=0 
> ppid=30493
> pid=30499 auid=500 uid=48 gid=500 euid=48 suid=48 fsuid=48 egid=500
> sgid=500 fsgid=500 tty=(none) ses=61 comm="httpd" 
> exe="/usr/sbin/httpd"
> subj=unconfined_u:system_r:httpd_t:s0 key=(null)
> type=AVC msg=audit(1340672277.485:1894): avc:  denied  { name_connect 
> }
> for  pid=30500 comm="httpd" dest=3306
> scontext=unconfined_u:system_r:httpd_t:s0
> tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
> type=SYSCALL msg=audit(1340672277.485:1894): arch=c000003e syscall=42
> success=no exit=-13 a0=e a1=7fff96b044d0 a2=10 a3=e items=0 
> ppid=30493
> pid=30500 auid=500 uid=48 gid=500 euid=48 suid=48 fsuid=48 egid=500
> sgid=500 fsgid=500 tty=(none) ses=61 comm="httpd" 
> exe="/usr/sbin/httpd"
> subj=unconfined_u:system_r:httpd_t:s0 key=(null)
> type=AVC msg=audit(1340672278.486:1895): avc:  denied  { name_connect 
> }
> for  pid=30500 comm="httpd" dest=3306
> scontext=unconfined_u:system_r:httpd_t:s0
> tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
> type=SYSCALL msg=audit(1340672278.486:1895): arch=c000003e syscall=42
> success=no exit=-13 a0=e a1=7fff96b044d0 a2=10 a3=e items=0 
> ppid=30493
> pid=30500 auid=500 uid=48 gid=500 euid=48 suid=48 fsuid=48 egid=500
> sgid=500 fsgid=500 tty=(none) ses=61 comm="httpd" 
> exe="/usr/sbin/httpd"
> subj=unconfined_u:system_r:httpd_t:s0 key=(null)
> type=AVC msg=audit(1340874746.109:65): avc:  denied  { search } for
> pid=1497 comm="httpd" name="cracklib" dev=dm-0 ino=525364
> scontext=system_u:system_r:httpd_t:s0
> tcontext=system_u:object_r:crack_db_t:s0 tclass=dir
> type=SYSCALL msg=audit(1340874746.109:65): arch=c000003e syscall=2
> success=no exit=-13 a0=7fff18bbe590 a1=0 a2=1b6 a3=0 items=0 
> ppid=1468
> pid=1497 auid=4294967295 uid=48 gid=500 euid=48 suid=48 fsuid=48 
> egid=500
> sgid=500 fsgid=500 tty=(none) ses=4294967295 comm="httpd"
> exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
> type=AVC msg=audit(1340874768.002:66): avc:  denied  { search } for
> pid=1498 comm="httpd" name="cracklib" dev=dm-0 ino=525364
> scontext=system_u:system_r:httpd_t:s0
> tcontext=system_u:object_r:crack_db_t:s0 tclass=dir
> type=SYSCALL msg=audit(1340874768.002:66): arch=c000003e syscall=2
> success=no exit=-13 a0=7fff18bbe590 a1=0 a2=1b6 a3=0 items=0 
> ppid=1468
> pid=1498 auid=4294967295 uid=48 gid=500 euid=48 suid=48 fsuid=48 
> egid=500
> sgid=500 fsgid=500 tty=(none) ses=4294967295 comm="httpd"
> exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
> type=AVC msg=audit(1340874779.759:67): avc:  denied  { search } for
> pid=1499 comm="httpd" name="cracklib" dev=dm-0 ino=525364
> scontext=system_u:system_r:httpd_t:s0
> tcontext=system_u:object_r:crack_db_t:s0 tclass=dir
> type=SYSCALL msg=audit(1340874779.759:67): arch=c000003e syscall=2
> success=no exit=-13 a0=7fff18bbe590 a1=0 a2=1b6 a3=0 items=0 
> ppid=1468
> pid=1499 auid=4294967295 uid=48 gid=500 euid=48 suid=48 fsuid=48 
> egid=500
> sgid=500 fsgid=500 tty=(none) ses=4294967295 comm="httpd"
> exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
> type=AVC msg=audit(1340876601.516:136): avc:  denied  { search } for
> pid=9956 comm="httpd" name="cracklib" dev=dm-0 ino=525364
> scontext=unconfined_u:system_r:httpd_t:s0
> tcontext=system_u:object_r:crack_db_t:s0 tclass=dir
> type=SYSCALL msg=audit(1340876601.516:136): arch=c000003e syscall=2
> success=no exit=-13 a0=7fffd8b5f190 a1=0 a2=1b6 a3=0 items=0 
> ppid=9952
> pid=9956 auid=0 uid=48 gid=500 euid=48 suid=48 fsuid=48 egid=500 
> sgid=500
> fsgid=500 tty=(none) ses=4 comm="httpd" exe="/usr/sbin/httpd"
> subj=unconfined_u:system_r:httpd_t:s0 key=(null)
> type=AVC msg=audit(1340880561.939:231): avc:  denied  { search } for
> pid=9958 comm="httpd" name="cracklib" dev=dm-0 ino=525364
> scontext=unconfined_u:system_r:httpd_t:s0
> tcontext=system_u:object_r:crack_db_t:s0 tclass=dir
> type=SYSCALL msg=audit(1340880561.939:231): arch=c000003e syscall=2
> success=no exit=-13 a0=7fffd8b5f190 a1=0 a2=1b6 a3=0 items=0 
> ppid=9952
> pid=9958 auid=0 uid=48 gid=500 euid=48 suid=48 fsuid=48 egid=500 
> sgid=500
> fsgid=500 tty=(none) ses=4 comm="httpd" exe="/usr/sbin/httpd"
> subj=unconfined_u:system_r:httpd_t:s0 key=(null)
> type=AVC msg=audit(1340880954.018:232): avc:  denied  { search } for
> pid=9955 comm="httpd" name="cracklib" dev=dm-0 ino=525364
> scontext=unconfined_u:system_r:httpd_t:s0
> tcontext=system_u:object_r:crack_db_t:s0 tclass=dir
> type=SYSCALL msg=audit(1340880954.018:232): arch=c000003e syscall=2
> success=no exit=-13 a0=7fffd8b5f190 a1=0 a2=1b6 a3=0 items=0 
> ppid=9952
> pid=9955 auid=0 uid=48 gid=500 euid=48 suid=48 fsuid=48 egid=500 
> sgid=500
> fsgid=500 tty=(none) ses=4 comm="httpd" exe="/usr/sbin/httpd"
> subj=unconfined_u:system_r:httpd_t:s0 key=(null)
> type=AVC msg=audit(1340881493.738:233): avc:  denied  { search } for
> pid=9959 comm="httpd" name="cracklib" dev=dm-0 ino=525364
> scontext=unconfined_u:system_r:httpd_t:s0
> tcontext=system_u:object_r:crack_db_t:s0 tclass=dir
> type=SYSCALL msg=audit(1340881493.738:233): arch=c000003e syscall=2
> success=no exit=-13 a0=7fffd8b5f190 a1=0 a2=1b6 a3=0 items=0 
> ppid=9952
> pid=9959 auid=0 uid=48 gid=500 euid=48 suid=48 fsuid=48 egid=500 
> sgid=500
> fsgid=500 tty=(none) ses=4 comm="httpd" exe="/usr/sbin/httpd"
> subj=unconfined_u:system_r:httpd_t:s0 key=(null)
> type=AVC msg=audit(1340881548.972:234): avc:  denied  { search } for
> pid=9961 comm="httpd" name="cracklib" dev=dm-0 ino=525364
> scontext=unconfined_u:system_r:httpd_t:s0
> tcontext=system_u:object_r:crack_db_t:s0 tclass=dir
> type=SYSCALL msg=audit(1340881548.972:234): arch=c000003e syscall=2
> success=no exit=-13 a0=7fffd8b5f190 a1=0 a2=1b6 a3=0 items=0 
> ppid=9952
> pid=9961 auid=0 uid=48 gid=500 euid=48 suid=48 fsuid=48 egid=500 
> sgid=500
> fsgid=500 tty=(none) ses=4 comm="httpd" exe="/usr/sbin/httpd"
> subj=unconfined_u:system_r:httpd_t:s0 key=(null)
> type=AVC msg=audit(1340881581.984:235): avc:  denied  { search } for
> pid=9957 comm="httpd" name="cracklib" dev=dm-0 ino=525364
> scontext=unconfined_u:system_r:httpd_t:s0
> tcontext=system_u:object_r:crack_db_t:s0 tclass=dir
> type=SYSCALL msg=audit(1340881581.984:235): arch=c000003e syscall=2
> success=no exit=-13 a0=7fffd8b5f190 a1=0 a2=1b6 a3=0 items=0 
> ppid=9952
> pid=9957 auid=0 uid=48 gid=500 euid=48 suid=48 fsuid=48 egid=500 
> sgid=500
> fsgid=500 tty=(none) ses=4 comm="httpd" exe="/usr/sbin/httpd"
> subj=unconfined_u:system_r:httpd_t:s0 key=(null)
> type=AVC msg=audit(1340881653.445:236): avc:  denied  { search } for
> pid=10829 comm="httpd" name="cracklib" dev=dm-0 ino=525364
> scontext=unconfined_u:system_r:httpd_t:s0
> tcontext=system_u:object_r:crack_db_t:s0 tclass=dir
> type=SYSCALL msg=audit(1340881653.445:236): arch=c000003e syscall=2
> success=no exit=-13 a0=7fffd8b5f190 a1=0 a2=1b6 a3=0 items=0 
> ppid=9952
> pid=10829 auid=0 uid=48 gid=500 euid=48 suid=48 fsuid=48 egid=500 
> sgid=500
> fsgid=500 tty=(none) ses=4 comm="httpd" exe="/usr/sbin/httpd"
> subj=unconfined_u:system_r:httpd_t:s0 key=(null)
> type=AVC msg=audit(1340881703.664:237): avc:  denied  { search } for
> pid=9960 comm="httpd" name="cracklib" dev=dm-0 ino=525364
> scontext=unconfined_u:system_r:httpd_t:s0
> tcontext=system_u:object_r:crack_db_t:s0 tclass=dir
> type=SYSCALL msg=audit(1340881703.664:237): arch=c000003e syscall=2
> success=no exit=-13 a0=7fffd8b5f190 a1=0 a2=1b6 a3=0 items=0 
> ppid=9952
> pid=9960 auid=0 uid=48 gid=500 euid=48 suid=48 fsuid=48 egid=500 
> sgid=500
> fsgid=500 tty=(none) ses=4 comm="httpd" exe="/usr/sbin/httpd"
> subj=unconfined_u:system_r:httpd_t:s0 key=(null)
> type=AVC msg=audit(1340885636.992:239): avc:  denied  { setattr } for
> pid=11195 comm="httpd" name="cati.log" dev=dm-0 ino=552337
> scontext=unconfined_u:system_r:httpd_t:s0
> tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file
> type=SYSCALL msg=audit(1340885636.992:239): arch=c000003e syscall=90
> success=no exit=-1 a0=7f470ff54d38 a1=1b0 a2=7f470444ebdd 
> a3=7f470ff34978
> items=0 ppid=11193 pid=11195 auid=500 uid=48 gid=500 euid=48 suid=48
> fsuid=48 egid=500 sgid=500 fsgid=500 tty=(none) ses=9 comm="httpd"
> exe="/usr/sbin/httpd" subj=unconfined_u:system_r:httpd_t:s0 
> key=(null)
> type=AVC msg=audit(1340885642.900:240): avc:  denied  { search } for
> pid=11198 comm="httpd" name="cracklib" dev=dm-0 ino=525364
> scontext=unconfined_u:system_r:httpd_t:s0
> tcontext=system_u:object_r:crack_db_t:s0 tclass=dir
> type=AVC msg=audit(1340885642.900:240): avc:  denied  { read } for
> pid=11198 comm="httpd" name="pw_dict.pwd" dev=dm-0 ino=525388
> scontext=unconfined_u:system_r:httpd_t:s0
> tcontext=system_u:object_r:crack_db_t:s0 tclass=file
> type=AVC msg=audit(1340885642.900:240): avc:  denied  { open } for
> pid=11198 comm="httpd" name="pw_dict.pwd" dev=dm-0 ino=525388
> scontext=unconfined_u:system_r:httpd_t:s0
> tcontext=system_u:object_r:crack_db_t:s0 tclass=file
> type=SYSCALL msg=audit(1340885642.900:240): arch=c000003e syscall=2
> success=yes exit=15 a0=7fffcf6a6fb0 a1=0 a2=1b6 a3=0 items=0 
> ppid=11193
> pid=11198 auid=500 uid=48 gid=500 euid=48 suid=48 fsuid=48 egid=500
> sgid=500 fsgid=500 tty=(none) ses=9 comm="httpd" 
> exe="/usr/sbin/httpd"
> subj=unconfined_u:system_r:httpd_t:s0 key=(null)
> type=AVC msg=audit(1340885642.900:241): avc:  denied  { getattr } for
> pid=11198 comm="httpd" path="/usr/share/cracklib/pw_dict.pwi" 
> dev=dm-0
> ino=525389 scontext=unconfined_u:system_r:httpd_t:s0
> tcontext=system_u:object_r:crack_db_t:s0 tclass=file
> type=SYSCALL msg=audit(1340885642.900:241): arch=c000003e syscall=5
> success=yes exit=0 a0=10 a1=7fffcf6a6a80 a2=7fffcf6a6a80 a3=0 items=0
> ppid=11193 pid=11198 auid=500 uid=48 gid=500 euid=48 suid=48 fsuid=48
> egid=500 sgid=500 fsgid=500 tty=(none) ses=9 comm="httpd"
> exe="/usr/sbin/httpd" subj=unconfined_u:system_r:httpd_t:s0 
> key=(null)
> [root at cleopatra httpd]#
>
>
>
>
> Am 28.06.12 12:14 schrieb "Oliver Hausmann" unter
> <oliver.hausmann at securepoint.de>:
>
>>Hallo Oliver,
>>
>>schau mal bitte in den audit.log (cat /var/log/audit/audit.log|grep
>>httpd).
>>Kannst Du das Ergebnis mal posten?
>>
>>Gruß
>>
>>Oliver
>>
>>Am 2012-06-28 11:34, schrieb Oliver Wiemer:
>>> Hallo Leute,
>>>
>>>
>>> ich bin hier bei der Inbetriebnahme eines browserbasierten Systems
>>> der
>>> besonderen Art.
>>> Das Original läuft auf einer Gentoo Maschine.
>>>
>>> Beim Weblogin bekomme ich im Apache errorlog folgende 
>>> Fehlermeldung.
>>>
>>> [Thu Jun 28 11:37:39 2012] [notice] SELinux policy enabled; httpd
>>> running
>>> as context unconfined_u:system_r:httpd_t:s0
>>> [Thu Jun 28 11:37:39 2012] [notice] suEXEC mechanism enabled
>>> (wrapper:
>>> /usr/sbin/suexec)
>>> [Thu Jun 28 11:37:39 2012] [notice] Digest: generating secret for
>>> digest
>>> authentication ...
>>> [Thu Jun 28 11:37:39 2012] [notice] Digest: done
>>> [Thu Jun 28 11:37:39 2012] [notice] Apache/2.2.15 (Unix) DAV/2
>>> PHP/5.3.3
>>> configured -- resuming normal operations
>>> /usr/share/cracklib/pw_dict.pwd: Permission denied
>>> PWOpen: Invalid argument
>>>
>>>
>>>
>>> Ich stehe hier etwas auf dem Schlauch.
>>> Hat jemand irgend eine Idee?
>>>
>>> LG Oliver Wiemer
>>