[tclug-list] SELinux rocks

Wed Aug 16 10:06:11 CDT 2006

SELinux is an underlying security architecture which introduces a second
set of permissions underneath Linux. It was created by the NSA and comes
turned on in most RH based distros (FC, CentOS) and is available for
others. It takes a good deal of configuration and understanding, but it
can save you from many many nasty hacks and vulnerabilities.

Mike Miller wrote:

>On Wed, 16 Aug 2006, Jay Austad wrote:
>
>  
>
>>Aug 13 20:11:41 plato kernel: audit(1155517901.898:9): avc:  denied
>>{ execute } for  pid=19354 comm="httpd" name="bash" dev=sda2
>>ino=5210181 scontext=root:system_r:httpd_t:s0
>>tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
>>
>>If you're not running it, you should.
>>    
>>
>
>That's interesting, Jay.  Can you (or anyone) explain the code above?  Is 
>that a line from a log file?  Apparently the system did not allow 
>execution of something, but was that something that Linux would have 
>allowed and it would have had devastating effects?
>
>Mike
>
>_______________________________________________
>TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
>tclug-list at mn-linux.org
>http://mailman.mn-linux.org/mailman/listinfo/tclug-list
>  
>

-- 
==============================================
Nate Sanders                  nate at ima.umn.edu
Associate Systems Manager     (612) 624 - 4353
           http://www.ima.umn.edu/
==============================================
Institute for Mathematics and its Applications
University of Minnesota
400 Lind Hall, 207 Church St. SE
Minneapolis, MN 55455-0463
============================================== 