| 1 |
Hey, everyone =) |
| 2 |
|
| 3 |
First of all, I would like to say that I just installed SELinux /late/ last |
| 4 |
night, so I don't have that much of an understand about what exactly I need |
| 5 |
to do to fix my problems. |
| 6 |
|
| 7 |
The first, and most important, problem I am having occurs when I am in |
| 8 |
permissive mode. I have attached the relevant /var/log/kern.log segments and |
| 9 |
put them up on my website -- the URL is |
| 10 |
<http://tehunlose.com/tmp/sehelp.txt>. The reason why I say it is the most |
| 11 |
important is because, with the errors provided and while the amavisd.log says |
| 12 |
that everything is happening okay, I am not quite sure that amavisd is able |
| 13 |
to do what it *needs* to do (SpamAssassin filtering and clamav/clamd |
| 14 |
fitlering). |
| 15 |
|
| 16 |
The second problem I am having occurs when I enter enforcing mode. I have a |
| 17 |
proftpd daemon running. When I enter into enforcing mode, my users can no |
| 18 |
longer authenticate sucessfully, although they can telnet in. If/when they |
| 19 |
telnet in during enforce mode, their username is accepted but their correct |
| 20 |
password is rejected. The users are able to SSH in, though, so I am guessing |
| 21 |
it's a a problem with my policies. |
| 22 |
|
| 23 |
The third problem also occurs during enforce mode. When I try to send mail to |
| 24 |
myself through telnet (for debugging purposes, I'm not that oldschool ;)), |
| 25 |
everything *appears* to go through correctly. However, I never receive the |
| 26 |
mail. I notice no evidence of a problem in any of my log files. In fact, |
| 27 |
that brings me to my fourth problem. |
| 28 |
|
| 29 |
When I enter enforcing mode, all of my log files stop flowing -- all of them. |
| 30 |
kern.log, messages, etc., they all just... stop. I am guessing that the log |
| 31 |
files can not be written under my current policies, but that is just my |
| 32 |
haphazard guess. |
| 33 |
|
| 34 |
Also, in enforcing mode, I can no longer scp to or from my SELinux box. |
| 35 |
|
| 36 |
For my policy, I am currently using pebenito's base-policy for the June 26th, |
| 37 |
2003. |
| 38 |
|
| 39 |
Thank you :) |
| 40 |
-- |
| 41 |
Zack Gilburd |
| 42 |
http://tehunlose.com |
| 43 |
GnuPG Key ID: A79A45668240AB6C |
Archives