[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Ossec-list] /etc/init.d/ossec uid is 1000
- Subject: [Ossec-list] /etc/init.d/ossec uid is 1000
- From: oleksander.panchuk at cbn-cis.org (Oleksander Panchuk)
- Date: Thu, 18 May 2006 20:40:41 +0300
Hello,
It's a very good program (ver 0.8), but.
I run install.sh from root account on Fedora 5 (Selinux is enabled).
Now, a few things I couldn't understand.
1) /etc/init.d/ossec uid left 1000.
2) [root at bin]# ls -Z
-rwxr-xr-x 1000 1000 user_u:object_r:var_t
disable-account.sh
-rwxr-xr-x 1000 1000 user_u:object_r:var_t
firewall-drop.sh
-rwxr-xr-x 1000 1000 user_u:object_r:var_t host-deny.sh
3) /log/audit/audit.log
type=AVC msg=audit(1147955658.066:3615): avc: denied { recvfrom }
for pid=2376 comm="osssec-analysisd"
scontext=system_u:object_r:unlabeled_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=association
Thanks for your answers,
Alexandr.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.underlinux.com.br/pipermail/ossec-list/attachments/20060518/c05c37ac/attachment.html
OSSEC home |
Main Index |
Thread Index
OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.