Hi Michael, I failed to find anything useful in the audit.log file as you recommended besides failed login attempts. Thought I'd share this as well
# ps auxw | grep snmp snmp 24569 0.0 0.1 65068 8564 ? S 09:28 0:07 /usr/sbin/snmpd -Lsd -Lf /dev/null -u snmp -g snmp -I -smux mteTrigger mteTriggerConf -p /run/snmpd.pid root 26031 0.0 0.0 12940 968 pts/0 S+ 12:03 0:00 grep --color=auto snmp # ps auxw | grep pdns pdns 25624 0.1 0.1 1416756 16036 ? Ssl 11:11 0:03 /usr/sbin/pdns_recursor --daemon=no --write-pid=no --disable-syslog --log-timestamp=no root 26036 0.0 0.0 12940 1084 pts/0 S+ 12:04 0:00 grep --color=auto pdns # netstat -nl Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 10.157.4.178:53 0.0.0.0:* LISTEN tcp 0 0 41.210.187.101:53 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN tcp6 0 0 :::22 :::* LISTEN udp 0 0 10.157.4.178:53 0.0.0.0:* udp 0 0 41.210.187.101:53 0.0.0.0:* udp 0 0 127.0.0.1:53 0.0.0.0:* udp 0 0 0.0.0.0:161 0.0.0.0:* udp6 0 0 ::1:161 :::* Active UNIX domain sockets (only servers) Proto RefCnt Flags Type State I-Node Path unix 2 [ ACC ] STREAM LISTENING 664628 /run/user/1000/systemd/private unix 2 [ ACC ] STREAM LISTENING 620630 /run/user/1001/systemd/private unix 2 [ ACC ] SEQPACKET LISTENING 11972 /run/udev/control unix 2 [ ACC ] STREAM LISTENING 14915 /run/uuidd/request unix 2 [ ACC ] STREAM LISTENING 15150 /var/run/dbus/system_bus_socket unix 2 [ ACC ] STREAM LISTENING 15047 /var/lib/lxd/unix.socket unix 2 [ ACC ] STREAM LISTENING 15151 /run/snapd.socket unix 2 [ ACC ] STREAM LISTENING 15152 /run/snapd-snap.socket unix 2 [ ACC ] STREAM LISTENING 11885 /run/systemd/private unix 2 [ ACC ] STREAM LISTENING 11967 /run/systemd/journal/stdout unix 2 [ ACC ] STREAM LISTENING 11969 /run/lvm/lvmetad.socket unix 2 [ ACC ] STREAM LISTENING 11970 /run/systemd/fsck.progress unix 2 [ ACC ] STREAM LISTENING 10457 /run/lvm/lvmpolld.socket unix 2 [ ACC ] STREAM LISTENING 18924 /var/run/fail2ban/fail2ban.sock unix 2 [ ACC ] STREAM LISTENING 16697 @ISCSIADM_ABSTRACT_NAMESPACE unix 2 [ ACC ] STREAM LISTENING 15070 /run/acpid.socket# Regards, Sharone B. On Tue, 7 Jan 2020 at 22:02, Michael Ströder <mich...@stroeder.com> wrote: > On 1/7/20 3:00 PM, Sharone Bakara wrote: > > On 7 Jan 2020, at 16:55, Remi Gacogne <remi.gaco...@powerdns.com> wrote: > >> On 1/7/20 2:41 PM, Sharone wrote: > >>> '/var/run/pdns-recursor': Permission denied"* > >> I'm not sure of what your SNMP setup is, but it looks like the user > >> invoking rec_control does not have the rights to create a new file in > >> /var/run/pdns-recursor. What happens if you invoke the rec_control > >> command directly as the 'pdns' user? > > > > I get the same error as when I run it root. > > Whenever "permissions denied" happens while running an action as root > I'd check whether SELinux or AppArmor blocks some access. > => check your audit log (assuming you're running auditd) > > Ciao, Michael. >
_______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users