Hi Guys, After some moths the server has been running in SELinux Permesive mode ... Some avc: denied messages has been recored ... I thought it was time to go to the next step and set SELinux Enforcing mode in the server ... it is a mail(postfix+cyrus+sasl), web, snmp with mrtg, squid sever with a local TLS configured for webmail access ... I took a look to the Deployment Guide about how to do it ... and tried to build modules with audit2allow from the /var/log/message The modules seem to work fine, because old avc denied messages desappeard ... but some messages like the following appear at /var/log/messages when I do a semodule -i modulename or semodule -r modulename : Oct 5 20:16:11 orion kernel: : exe="?" (sauid=81, hostname=?, addr=?, terminal=?)' Oct 5 20:16:11 orion kernel: audit(1223252171.572:8): policy loaded auid=4294967295 ses=4294967295 Oct 5 20:16:41 orion kernel: audit(1223252201.673:9): user pid=2172 uid=81 auid=4294967295 subj=system_u:system_r:system_dbus d_t:s0 msg='avc: received policyload notice (seqno=3) Oct 5 20:16:41 orion kernel: : exe="?" (sauid=81, hostname=?, addr=?, terminal=?)' Oct 5 20:16:41 orion kernel: audit(1223252201.676:10): policy loaded auid=4294967295 ses=4294967295 Oct 5 20:17:51 orion kernel: audit(1223252271.462:11): user pid=2172 uid=81 auid=4294967295 subj=system_u:system_r:system_dbu sd_t:s0 msg='avc: received policyload notice (seqno=4) Oct 5 20:17:51 orion kernel: : exe="?" (sauid=81, hostname=?, addr=?, terminal=?)' Oct 5 20:17:51 orion kernel: audit(1223252271.464:12): policy loaded auid=4294967295 ses=4294967295 Oct 5 20:19:06 orion kernel: audit(1223252346.208:13): user pid=2172 uid=81 auid=4294967295 subj=system_u:system_r:system_dbu sd_t:s0 msg='avc: received policyload notice (seqno=5) Oct 5 20:19:06 orion kernel: : exe="?" (sauid=81, hostname=?, addr=?, terminal=?)' Oct 5 20:19:06 orion kernel: audit(1223252346.211:14): policy loaded auid=4294967295 ses=4294967295 Oct 5 20:19:11 orion kernel: audit(1223252351.331:15): user pid=2172 uid=81 auid=4294967295 subj=system_u:system_r:system_dbu sd_t:s0 msg='avc: received policyload notice (seqno=6) Also, in the /var/log/httpd/ssl_error_log the following messages appear too: [Sun Oct 05 19:58:19 2008] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Sun Oct 05 19:58:19 2008] [warn] RSA server certificate CommonName (CN) `orion.ciget.cienfuegos.cu' does NOT match server nam e!? Really rare to me because that name `orion.ciget.cienfuegos.cu' is the actual server hostname. When try to connect to the webmail through https:// can't connect to it, the browser reports connection failed after a waiting of a few seconds. http:// works as expected. This machine is fully updated in CentOS-5.2. Linux orion.ciget.cienfuegos.cu 2.6.18-92.1.13.el5 #1 SMP Wed Sep 24 19:33:52 EDT 2008 i686 i686 i386 GNU/Linux Could you suggest something ? ... Thank you very much guys, al.