From: mra@hp.com (Matt Anderson)
Date: Thu, 11 Sep 2008 15:30:55 -0400
Subject: [refpolicy] [ubuntu-hardened] Cannot use SSH with Refpolicy in Ubuntu Hardy
In-Reply-To:
References:
Message-ID: <48C971EF.5010708@hp.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Hong wrote:
> I downloaded the source of refpolicy in Hardy. (`apt-get source
> refpolicy`). I compiled the policy and loaded it. And then I rebooted
> the system in PERMISSIVE mode. (add `enforcing=0` in the kernel
> options when booting)
>
> Now I cannot log in to the system remotely using ssh. Note that the system
> is in PERMISSIVE mode! (`getenforce` returns `Permissive`). Every time I
> tried `ssh my_host_name` and entered the correct password, the client side
> shows
> "Read from remote host my_host_name: Connection reset by peer
> Connection to my_host_name."
>
> And after each unsuccessful login, the /var/log/audit/audit.log file on
> the server added a line:
> "type=ANOM_ABEND msg=audit(1220746818.492:93): audit=4294967295 uid=1000
> gid=1000 subj=system_u:system_r:sysadm_t pid=4713 comm="sshd" sig=6"

The way I read this is the sshd process ended with signal 6, which is Abort. The type ANOM_ABEND I think decodes to Anomalous - Abnormal End.

> By the way, when I use `make load` to load the policy, there is a
> one-line error message
> '[19691.816572] secuirty; context system-u;system-r;sysadm-mail-t is
> invalid'

I suspect this is closer to where your problem lies. For one, I'd expect underscores instead of dashes in the context. I'd try removing and trying to rebuild and install the policy cleanly. Is it possible to get a pre-built policy for Hardy? It might be useful to see if the problem exists there as well.

-matt
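Added example, not part of the original message: a Python sketch that decodes the two log lines quoted above, turning the ANOM_ABEND record's `sig=6` into a signal name and checking whether a context string has the `user:role:type[:range]` shape. The function names are hypothetical, and the context check is purely syntactic; it does not consult the loaded policy.

```python
import re
import signal
from datetime import datetime, timezone

# Sample input: the two log excerpts exactly as quoted in the message above.
AUDIT_LINE = ('type=ANOM_ABEND msg=audit(1220746818.492:93): audit=4294967295 '
              'uid=1000 gid=1000 subj=system_u:system_r:sysadm_t pid=4713 '
              'comm="sshd" sig=6')
KERNEL_CONTEXT = 'system-u;system-r;sysadm-mail-t'

_HEADER = re.compile(r'msg=audit\((\d+)\.(\d+):(\d+)\):')
_FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_audit(line):
    """Split one audit record into key/value fields plus timestamp and serial."""
    rec = {}
    m = _HEADER.search(line)
    if m:
        rec['time'] = datetime.fromtimestamp(int(m.group(1)), tz=timezone.utc)
        rec['serial'] = int(m.group(3))
        line = line[:m.start()] + line[m.end():]  # drop the header before field parsing
    for key, value in _FIELD.findall(line):
        rec[key] = value.strip('"')
    return rec


def describe_abend(rec):
    """Summarise an ANOM_ABEND record; return None for any other record type."""
    if rec.get('type') != 'ANOM_ABEND':
        return None
    signum = int(rec['sig'])
    try:
        name = signal.Signals(signum).name
    except ValueError:  # number not known on this platform
        name = 'signal %d' % signum
    return '%s (pid %s, %s) killed by %s' % (rec['comm'], rec['pid'], rec['subj'], name)


def context_problems(ctx):
    """List reasons ctx is not shaped like user:role:type[:range] (syntax only)."""
    problems = []
    parts = ctx.split(':')
    if len(parts) < 3:
        problems.append('expected at least 3 colon-separated fields, got %d' % len(parts))
    bad = sorted({c for p in parts[:3] for c in p if not re.match(r'[\w.\-]', c)})
    if bad:
        problems.append('unexpected characters: %s' % ' '.join(bad))
    return problems


if __name__ == '__main__':
    print(describe_abend(parse_audit(AUDIT_LINE)))
    print(context_problems(KERNEL_CONTEXT))
```
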