[SOLVED] SElinux and munin

Support for security such as Firewalls and securing linux

[SOLVED] SElinux and munin

Postby Blisk » 2012/01/27 12:48:15

Munin disk stats doesn't work if SElinux is not on permisive mode at enforcing doesn't work.
I tryed
ausearch -m avc -ts today | audit2allow -M myfix1

And after added policy.
But still doesn't work.

I searched google if there are some rules or how to do it, but didn't find anything.
Can someone help me with this one?
Blisk
 
Posts: 94
Joined: 2011/07/04 14:49:51

Re: SElinux and munin

Postby TrevorH » 2012/01/27 12:57:29

So what denials are in the logs after you added your new policy?
User avatar
TrevorH
Forum Moderator
 
Posts: 9103
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: SElinux and munin

Postby Blisk » 2012/01/27 21:32:30

type=CRED_ACQ msg=audit(1327699501.896:217): user pid=6028 uid=0 auid=42996295 ses=42996795 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="munin" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=LOGIN msg=audit(1327699501.905:218): pid=6028 uid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 old auid=42996795 new auid=477 old ses=4294967295 new ses=7
type=USER_START msg=audit(13276501.906:219): user pid=6028 uid=0 auid=477 ses=7 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="munin" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=CRED_DISP msg=audit(13269512.276:220): user pid=6028 uid=477 auid=477 ses=7 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="munin" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=USER_END msg=audit(13769512.277:221): user pid=6028 uid=477 auid=477 ses=7 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="munin" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
Blisk
 
Posts: 94
Joined: 2011/07/04 14:49:51

Re: SElinux and munin

Postby TrevorH » 2012/01/28 03:01:18

Nothing there that seems to be a denial.

If you have the audit daemon running then more is logged to /var/log/audit/audit.log than just denials but nothing is logged to /var/log/messages. However if audit is not installed then the denials only are logged to /var/log/messages.

There are some denials that are flagged as "dontaudit" so you may be tripping over one of those. You can temporarily disable the dontaudit logging override by running

Code: Select all
semodule -DB


This will now log the dontaudit events. When you've finished wading through that lot you can enable the dontaudit logging again by running

Code: Select all
semodule -B


Method cribbed from here.
User avatar
TrevorH
Forum Moderator
 
Posts: 9103
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: SElinux and munin

Postby Blisk » 2012/01/28 09:32:47

Audit is installed and running. I will do what you suggest and than check Selinux log if there is something new.
Blisk
 
Posts: 94
Joined: 2011/07/04 14:49:51

Re: SElinux and munin

Postby Blisk » 2012/01/28 11:14:40

type=AVC msg=audit(1327749009.712:60073): avc: denied { rlimitinh } for pid=7081 comm="yum" scontext=unconfined_u:system_r:munin_t:s0 tcontext=unconfined_u:system_r:munin_system_plugin_t:s0 tclass=process
type=AVC msg=audit(1327749009.712:60073): avc: denied { siginh } for pid=7081 comm="yum" scontext=unconfined_u:system_r:munin_t:s0 tcontext=unconfined_u:system_r:munin_system_plugin_t:s0 tclass=process
type=AVC msg=audit(1327749009.712:60073): avc: denied { noatsecure } for pid=7081 comm="yum" scontext=unconfined_u:system_r:munin_t:s0 tcontext=unconfined_u:system_r:munin_system_plugin_t:s0 tclass=process
type=SYSCALL msg=audit(1327749009.712:60073): arch=c000003e syscall=59 success=yes exit=0 a0=224f920 a1=224f8d0 a2=2236960 a3=8 items=0 ppid=6596 pid=7081 auid=0 uid=99 gid=471 euid=99 suid=99 fsuid=99 egid=471 sgid=471 fsgid=471 tty=(none) ses=235 comm="yum" exe="/usr/bin/perl" subj=unconfined_u:system_r:munin_system_plugin_t:s0 key=(null)
type=AVC msg=audit(1327749009.776:60074): avc: denied { rlimitinh } for pid=7082 comm="yum" scontext=unconfined_u:system_r:munin_t:s0 tcontext=unconfined_u:system_r:munin_system_plugin_t:s0 tclass=process
type=AVC msg=audit(1327749009.776:60074): avc: denied { siginh } for pid=7082 comm="yum" scontext=unconfined_u:system_r:munin_t:s0 tcontext=unconfined_u:system_r:munin_system_plugin_t:s0 tclass=process
type=AVC msg=audit(1327749009.776:60074): avc: denied { noatsecure } for pid=7082 comm="yum" scontext=unconfined_u:system_r:munin_t:s0 tcontext=unconfined_u:system_r:munin_system_plugin_t:s0 tclass=process
type=SYSCALL msg=audit(1327749009.776:60074): arch=c000003e syscall=59 success=yes exit=0 a0=21e65f0 a1=22412d0 a2=2236960 a3=8 items=0 ppid=6596 pid=7082 auid=0 uid=99 gid=471 euid=99 suid=99 fsuid=99 egid=471 sgid=471 fsgid=471 tty=(none) ses=235 comm="yum" exe="/usr/bin/perl" subj=unconfined_u:system_r:munin_system_plugin_t:s0 key=(null)
type=CRED_DISP msg=audit(1327749011.568:60075): user pid=6585 uid=477 auid=477 ses=268 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="munin" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=USER_END msg=audit(1327749011.568:60076): user pid=6585 uid=477 auid=477 ses=268 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="munin" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
Blisk
 
Posts: 94
Joined: 2011/07/04 14:49:51

Re: SElinux and munin

Postby Blisk » 2012/01/28 14:36:03

Now I did again
ausearch -m avc -ts today | audit2allow -M myfix2

And it work now with enabled SElinux
Blisk
 
Posts: 94
Joined: 2011/07/04 14:49:51

[SOLVED] SElinux and munin

Postby pschaff » 2012/01/28 14:38:30

Excellent news. So, can we now mark this thread [SOLVED] for posterity?
pschaff
Retired Moderator
 
Posts: 18277
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America

Re: SElinux and munin [SOLVED]

Postby Blisk » 2012/01/29 09:13:30

Yes we can change status. I checked munin it works and checked SElinux and also all is on.

SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: enforcing
Policy version: 24
Policy from config file: targeted
Blisk
 
Posts: 94
Joined: 2011/07/04 14:49:51

Re: SElinux and munin [SOLVED]

Postby pschaff » 2012/01/29 15:13:37

Done. Thanks for reporting back.
pschaff
Retired Moderator
 
Posts: 18277
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America

Next

Return to CentOS 6 - Security Support

Who is online

Users browsing this forum: No registered users and 2 guests