[CentOS] Logwatch verbosity

Wed Sep 22 00:53:49 UTC 2010
Timothy Murphy <gayleard at eircom.net>

m.roth at 5-cent.us wrote:

>> I'm getting literally hundreds of lines in my daily logwatch
>> (under Centos-5.5), reading
>> ---------------------------------------
>> NULL security context for user, but SELinux in permissive mode,
>> continuing ()
>> ---------------------------------------
>> These began when I started running fail2ban (with shorewall),
>> though that is probably a coincidence.
>> In any case, what does this line mean,
>> and is there any way of stopping it (short of stopping selinux)?

> Sounds to me as though it's *not* a coincidence. Who does fail2ban run as
> - for us, it's root, but is it different for you?

It is running as root, according to "ps aux | grep fail2ban".
(I run it as a service "sudo service fail2ban restart".)

Do you get my message (NULL security context ...)?
I've no idea what this means, or what it is referring to.

Timothy Murphy  
e-mail: gayleard /at/ eircom.net
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland