From: justinmattock@gmail.com (Justin P. Mattock) Date: Sat, 6 Sep 2008 20:32:47 -0700 Subject: [refpolicy] Cannot use SSH with Refpolicy in Ubuntu Hardy In-Reply-To: References: Message-ID: To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Hmm a few days ago I was able to Ssh into a machine that was in permissive without an issues, except For making sure tcpwrappers were set right(/etc/host.*); but couldn't into The machine that was in full enforcment(didn't spend too much time though); maybe xorg needs Adjusting. Anyways check /etc/host.* aren't blocking anything As well as /etc/ssh/config is set right. justin P. Mattock On Sep 6, 2008, at 7:57 PM, Hong wrote: > Thanks for your reply, Justin. > > I just changed the line `SELINUX=enforcing` to `SELINUX=permissive` > and reboot the system. > > After reboot, I checked `getenforce` and it returned `permissive`. > > But still I cannot ssh to the machine remotely... > After each try with a correct password, /var/log/message doesn't > grow but /var/log/audit/audit.log grows with one line. > If I tried with an incorrect password, neither of the two log files > changed. > > > Hong > > On Sat, Sep 6, 2008 at 10:18 PM, Justin P. Mattock > wrote: > I know this might sound stupid, but > Check and make sure /etc/selinux/config is in permissive > As well. I.g. A few months ago I couldn't boot, because of having > that file In enforcing. > > justin P. Mattock > > > > > On Sep 6, 2008, at 5:36 PM, Hong wrote: > > Hi, > > I downloaded the source of refpolicy in Hardy. (`apt-get source > refpolicy`). I compiled the policy and loaded it. And then I > reboot the system with PERMISSIVE mode. (add `enforcing=0` in the > kernel options when booting) > > Now I cannot login the system remotely using ssh. Note that the > system is in PERMISSIVE mode! (`getenforce` returns `Permissive`). > Everytime I tried `ssh my_host_name` and enter the correct password, > the client side shows > "Read from remote host my_host_name: Connection reset by peer > Connection to my_host_name." > > And after each unsuccessful login, the /var/log/audit/audit.log file > on the server added a line: > "type=ANOM_ABEND msg=audit(1220746818.492:93): audit=4294967295 > uid=1000 gid=1000 subj=system_u:system_r:sysadm_t pid=4713 > comm="sshd" sig=6" > > By the way, when I use `make load` to load the policy, there is a > one-line error message > '[19691.816572] secuirty; context system-u;system-r;sysadm-mail-t is > invalid' > > I am not quite familiar with the messages. Can anyone help me to > see what's going? > > > Thanks, > Hong > > > _______________________________________________ > refpolicy mailing list > refpolicy at oss.tresys.com > http://oss.tresys.com/mailman/listinfo/refpolicy > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://oss.tresys.com/pipermail/refpolicy/attachments/20080906/7989cecb/attachment.html