kernel audit messages avc

brianstorm
Posts: 23
Joined: 2006/01/06 14:23:30

Post by brianstorm » 2007/03/12 16:49:16

Hi,

I have repeated entries in my /var/log/messages and I am unsure as to what they represent... if anyone can advise me I'd be grateful... here is a sample of three different messages:

Mar 12 16:03:05 serverxxxxxx kernel: audit(1173715385.367:3743): avc: denied { read write } for pid=21082 comm="named" name="sessiondb.dir" dev=hda1 ino=379635 scontext=root:system_r:named_t tcontext=root:object_r:var_t tclass=file

Mar 12 15:47:52 serverxxxxxx kernel: audit(1173714472.155:3735): avc: denied { read write } for pid=20749 comm="nscd" name="sessiondb.dir" dev=hda1 ino=379635 scontext=root:system_r:nscd_t tcontext=root:object_r:var_t tclass=file

Mar 12 15:47:52 serverxxxxxx kernel: audit(1173714472.044:3728): avc: denied { read write } for pid=20743 comm="nscd" name="sessiondb.pag" dev=hda1 ino=379630 scontext=root:system_r:nscd_t tcontext=root:object_r:var_t tclass=file


I am concerned as to whether there is a security risk, or a config error. And I am wondering if there is a GUI based tool for analysing these messages (I am running a webserver)


Thanks

Brian
