[CentOS] SELinux Question

Tue Jul 23 13:22:03 UTC 2013
Daniel J Walsh <dwalsh at redhat.com>

On 07/23/2013 07:15 AM, Ken Smith wrote:
> 
> James Hogarth wrote:
>> On 23 Jul 2013 07:42, "Ken Smith"<kens at kensnet.org>  wrote:
>> 
>>>> 
>>> For some reason auditd wasn't running or enabled. I'm now seeing the 
>>> messages I needed in /var/log/messages. I'm running bind chrooted and 
>>> various other tweaks mean I need to set SELinux accordingly.
>>> 
>>> 
>> Bind chroot via the standard chroot package should just work with
>> selinux...
>> 
>> Be careful that you don't just follow the audit.log blindly (eg
>> audit2allow -aM) but think through each bit carefully...
>> 
>> I'd suggest starting for each exception with "is this already covered by
>> a boolean" and then double checking your file contexts before even 
>> considering an additional custom module.
>> 
>> 
> For some reason SELinux was blocking the updates to the zone files that are
> the result of DHCP leases being issued. Fixed now. Also I run MailScanner
> and the SELinux context needed corrected on mqueue.in, in addition to
> allowing SSH to operate on the non-standard port I've set it to.
> 
> Thanks
> 
> Ken
> 
named_write_master_zones boolean?
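
Added example, not part of the original thread: a small Python triage script that follows the advice quoted above by listing each distinct AVC denial with the thing to rule out first (boolean, file context or port label) instead of feeding the whole log to audit2allow. The log lines, port 2222, the sendmail_t domain and the first_check heuristic are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample AVC records (not the poster's logs); port 2222 is a placeholder.
SAMPLE_LOG = """\
type=AVC msg=audit(1374585601.101:410): avc:  denied  { write } for  pid=1811 comm="named" name="example.zone.jnl" dev=dm-0 ino=3001 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:named_zone_t:s0 tclass=file
type=AVC msg=audit(1374585661.207:415): avc:  denied  { write } for  pid=1811 comm="named" name="example.zone.jnl" dev=dm-0 ino=3001 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:named_zone_t:s0 tclass=file
type=AVC msg=audit(1374585702.330:420): avc:  denied  { name_bind } for  pid=2001 comm="sshd" src=2222 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1374585755.512:431): avc:  denied  { search } for  pid=2210 comm="sendmail" name="mqueue.in" dev=dm-0 ino=4100 scontext=system_u:system_r:sendmail_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=dir
type=SYSCALL msg=audit(1374585755.512:431): arch=c000003e syscall=2 success=no exit=-13
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{ (?P<perms>[^}]+) \}.*?comm="(?P<comm>[^"]+)"'
    r'.*?scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<cls>\S+)')

# Target types that usually indicate a missing or wrong file label.
UNLABELED = {"default_t", "file_t", "unlabeled_t"}

def selinux_type(context):
    return context.split(":")[2]          # user:role:type:level

def first_check(tgt, cls, perms):
    """Heuristic (assumption of this example): what to rule out before a custom module."""
    if cls.endswith("_socket") and perms & {"name_bind", "name_connect"}:
        return "port label"               # semanage port -l
    if tgt in UNLABELED:
        return "file context"             # restorecon -nv / matchpathcon
    return "boolean"                      # audit2why / getsebool -a

def triage(log_text):
    """Collapse repeated denials into one row each, most frequent first."""
    counts = Counter()
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue                      # skip SYSCALL and other record types
        perms = frozenset(m["perms"].split())
        key = (m["comm"], selinux_type(m["s"]), selinux_type(m["t"]),
               m["cls"], perms)
        counts[key] += 1
    return [
        {"comm": c, "source": s, "target": t, "class": cls,
         "perms": sorted(p), "count": n, "first_check": first_check(t, cls, p)}
        for (c, s, t, cls, p), n in counts.most_common()]

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row)
```

On a real host the input would come from /var/log/audit/audit.log or `ausearch -m avc`, and each row is a prompt for review with audit2why, not a rule to generate.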