2008-09-07 00:36:07

by kindloaf

Subject: [refpolicy] Cannot use SSH with Refpolicy in Ubuntu Hardy

Hi,

I downloaded the source of refpolicy in Hardy (`apt-get source
refpolicy`). I compiled the policy and loaded it. Then I rebooted the
system in PERMISSIVE mode (adding `enforcing=0` to the kernel options when
booting).

Now I cannot log in to the system remotely using ssh. Note that the system is
in PERMISSIVE mode! (`getenforce` returns `Permissive`). Every time I tried
`ssh my_host_name` and entered the correct password, the client side showed
"Read from remote host my_host_name: Connection reset by peer
Connection to my_host_name."

And after each unsuccessful login, the /var/log/audit/audit.log file on the
server added a line:
"type=ANOM_ABEND msg=audit(1220746818.492:93): audit=4294967295 uid=1000
gid=1000 subj=system_u:system_r:sysadm_t pid=4713 comm="sshd" sig=6"

By the way, when I use `make load` to load the policy, there is a one-line
error message
'[19691.816572] secuirty; context system-u;system-r;sysadm-mail-t is
invalid'

I am not quite familiar with the messages. Can anyone help me to see what's
going on?


Thanks,
Hong


2008-09-07 02:18:11

by Justin P. Mattock

Subject: [refpolicy] Cannot use SSH with Refpolicy in Ubuntu Hardy

I know this might sound stupid, but check and make sure
/etc/selinux/config is in permissive as well. E.g., a few months ago I
couldn't boot because of having that file in enforcing.

Justin P. Mattock




2008-09-07 02:57:26

by kindloaf

Subject: [refpolicy] Cannot use SSH with Refpolicy in Ubuntu Hardy

Thanks for your reply, Justin.

I just changed the line `SELINUX=enforcing` to `SELINUX=permissive` and
rebooted the system.

After reboot, I checked `getenforce` and it returned `permissive`.

But still I cannot ssh to the machine remotely...
After each try with a correct password, /var/log/message doesn't grow but
/var/log/audit/audit.log grows with one line.
If I tried with an incorrect password, neither of the two log files changed.


Hong


2008-09-07 03:32:47

by Justin P. Mattock

Subject: [refpolicy] Cannot use SSH with Refpolicy in Ubuntu Hardy

Hmm, a few days ago I was able to ssh into a machine that was in
permissive without any issues, except for making sure tcpwrappers were
set right (/etc/host.*); but couldn't get into the machine that was in
full enforcement (didn't spend too much time though); maybe xorg needs
adjusting. Anyways, check /etc/host.* aren't blocking anything, as well
as /etc/ssh/config is set right.

Justin P. Mattock




2008-09-08 06:25:58

by vaclav.ovsik

Subject: [refpolicy] Cannot use SSH with Refpolicy in Ubuntu Hardy

On Sat, Sep 06, 2008 at 10:57:26PM -0400, Hong wrote:
> Thanks for your reply, Justin.
>
> I just changed the line `SELINUX=enforcing` to `SELINUX=permissive` and
> rebooted the system.
>
> After reboot, I checked `getenforce` and it returned `permissive`.
>
> But still I cannot ssh to the machine remotely...
> After each try with a correct password, /var/log/message doesn't grow but
> /var/log/audit/audit.log grows with one line.
> If I tried with an incorrect password, neither of the two log files changed.

Did you relabel the file system?
If you have some SE Linux problem (denials), sshd may fail even in
permissive mode, because it is an SE Linux aware application and it can
choose a different code flow with SE Linux enabled. Running the system in
permissive mode is not the same as running the system with SE Linux
switched off. I observed this sshd problem too.
Regards
--
Zito

2008-09-08 20:39:45

by Justin P. Mattock

Subject: [refpolicy] Cannot use SSH with Refpolicy in Ubuntu Hardy

On Sun, Sep 7, 2008 at 11:25 PM, Václav Ovsík <[email protected]> wrote:
> On Sat, Sep 06, 2008 at 10:57:26PM -0400, Hong wrote:
>> Thanks for your reply, Justin.
>>
>> I just changed the line `SELINUX=enforcing` to `SELINUX=permissive` and
>> rebooted the system.
>>
>> After reboot, I checked `getenforce` and it returned `permissive`.
>>
>> But still I cannot ssh to the machine remotely...
>> After each try with a correct password, /var/log/message doesn't grow but
>> /var/log/audit/audit.log grows with one line.
>> If I tried with an incorrect password, neither of the two log files changed.
>
> Did you relabel the file system?
> If you have some SE Linux problem (denials), sshd may fail even in
> permissive mode, because it is an SE Linux aware application and it can
> choose a different code flow with SE Linux enabled. Running the system in
> permissive mode is not the same as running the system with SE Linux
> switched off. I observed this sshd problem too.
> Regards
> --
> Zito
>

I'm wondering if he disabled SELinux completely,
just to isolate the issue.

--
Justin P. Mattock

2008-09-11 19:30:55

by mra

Subject: [refpolicy] [ubuntu-hardened] Cannot use SSH with Refpolicy in Ubuntu Hardy

Hong wrote:
> I downloaded the source of refpolicy in Hardy (`apt-get source
> refpolicy`). I compiled the policy and loaded it. Then I rebooted
> the system in PERMISSIVE mode (adding `enforcing=0` to the kernel
> options when booting).
>
> Now I cannot log in to the system remotely using ssh. Note that the system
> is in PERMISSIVE mode! (`getenforce` returns `Permissive`). Every time I
> tried `ssh my_host_name` and entered the correct password, the client side
> showed
> "Read from remote host my_host_name: Connection reset by peer
> Connection to my_host_name."
>
> And after each unsuccessful login, the /var/log/audit/audit.log file on
> the server added a line:
> "type=ANOM_ABEND msg=audit(1220746818.492:93): audit=4294967295 uid=1000
> gid=1000 subj=system_u:system_r:sysadm_t pid=4713 comm="sshd" sig=6"

The way I read this is the sshd process ended with signal 6 which is
Abort. The type ANOM_ABEND I think decodes to Anomalous - Abnormal End.

> By the way, when I use `make load` to load the policy, there is a
> one-line error message
> '[19691.816572] secuirty; context system-u;system-r;sysadm-mail-t is
> invalid'

I suspect this is closer to where your problem lies. For one, I'd
expect underscores instead of dashes in the context. I'd try removing
and trying to rebuild and install the policy cleanly. Is it possible to
get a pre-built policy for Hardy? It might be useful to see if the
problem exists there as well.

-matt
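
As an added example (not part of any post in this thread): a short Python triage of the audit record Hong quoted, decoding the signal the way mra reads it and checking the shape and domain of the subject context. The `EXPECTED_DOMAIN` map and the `_r`/`_t` naming-convention check are assumptions of this example, not rules taken from the thread.

```python
import re
import signal

# Audit record quoted in the thread, joined onto one line.
RECORD = ('type=ANOM_ABEND msg=audit(1220746818.492:93): audit=4294967295 '
          'uid=1000 gid=1000 subj=system_u:system_r:sysadm_t pid=4713 '
          'comm="sshd" sig=6')

# Assumption: the domain each daemon is expected to run in. sshd_t is the
# domain refpolicy's ssh module defines for sshd; extend the map as needed.
EXPECTED_DOMAIN = {"sshd": "sshd_t"}

def parse_record(line):
    """Return the key=value fields of one audit record, quotes stripped."""
    pairs = re.findall(r'(\w+)=("[^"]*"|\S+)', line)
    fields = {k: v.strip('"') for k, v in pairs}
    m = re.search(r"audit\((\d+\.\d+):(\d+)\)", line)
    if m:
        fields["time"], fields["serial"] = float(m.group(1)), int(m.group(2))
    return fields

def valid_context(ctx):
    """Structural check: user:role:type[:range], using refpolicy's
    convention that roles end in _r and types end in _t (assumption)."""
    parts = ctx.split(":")
    if len(parts) < 3 or not all(parts[:3]):
        return False
    return parts[1].endswith("_r") and parts[2].endswith("_t")

def triage(line):
    """Turn one audit record into human-readable findings."""
    f = parse_record(line)
    findings = []
    if f.get("type") == "ANOM_ABEND":
        sig = signal.Signals(int(f["sig"])).name
        findings.append(f'{f["comm"]} (pid {f["pid"]}) was killed by {sig}')
    ctx = f.get("subj", "")
    if not valid_context(ctx):
        findings.append(f"subject context {ctx!r} is malformed")
        return findings
    domain = ctx.split(":")[2]
    want = EXPECTED_DOMAIN.get(f.get("comm"))
    if want and domain != want:
        findings.append(
            f'{f["comm"]} runs in {domain}, expected {want}: check file labels')
    return findings

if __name__ == "__main__":
    for finding in triage(RECORD):
        print(finding)
```

The same `valid_context` check rejects the context string as it was typed in the `make load` message, while accepting the underscore-and-colon form mra expected.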