I have several systems on which cron jobs are not being run. I suspect selinux. I set up a cron job to echo text to /tmp/test at a given time and then grabbed the relevant files from the audit.log They're gibberish to me. I can see the word "failed" in there.
Is this an issue with selinux? If so, what do I need to do to make it allow cron? OS is RHEL5.2 and I've updated all selinux-related RPMs. type=SYSCALL msg=audit(1238693521.939:7372087): arch=40000003 syscall=5 success=yes exit=3 a0=8015638 a1=8000 a2=1b6 a3=8013c60 items=3 ppid=10198 pid=20166 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="crond" exe="/usr/sbin/crond" subj=user_u:system_r:crond_t:s0-s0:c0.c1023 key=(null) type=SYSCALL msg=audit(1238693521.939:7372088): arch=40000003 syscall=5 success=yes exit=5 a0=80144f0 a1=8000 a2=1b6 a3=8015df0 items=3 ppid=10198 pid=20166 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="crond" exe="/usr/sbin/crond" subj=user_u:system_r:crond_t:s0-s0:c0.c1023 key=(null) type=SYSCALL msg=audit(1238693521.940:7372089): arch=40000003 syscall=5 success=yes exit=5 a0=80144f0 a1=8000 a2=1b6 a3=8018588 items=3 ppid=10198 pid=20166 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="crond" exe="/usr/sbin/crond" subj=user_u:system_r:crond_t:s0-s0:c0.c1023 key=(null) type=SYSCALL msg=audit(1238693521.941:7372090): arch=40000003 syscall=5 success=yes exit=5 a0=8018758 a1=8000 a2=1b6 a3=8019250 items=3 ppid=10198 pid=20166 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="crond" exe="/usr/sbin/crond" subj=user_u:system_r:crond_t:s0-s0:c0.c1023 key=(null) type=SYSCALL msg=audit(1238693521.941:7372091): arch=40000003 syscall=5 success=yes exit=3 a0=eb6566 a1=8000 a2=1b6 a3=8019250 items=3 ppid=10198 pid=20166 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="crond" exe="/usr/sbin/crond" subj=user_u:system_r:crond_t:s0-s0:c0.c1023 key=(null) type=SYSCALL msg=audit(1238693521.941:7372092): arch=40000003 syscall=5 success=yes exit=3 a0=25b2e4 a1=0 a2=1b6 a3=801a988 items=3 ppid=10198 pid=20166 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="crond" exe="/usr/sbin/crond" subj=user_u:system_r:crond_t:s0-s0:c0.c1023 key="CFG_shadow" type=USER_ACCT msg=audit(1238693521.942:7372093): user pid=20166 uid=0 auid=4294967295 subj=user_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct="root" : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=failed)' type=USER_END msg=audit(1238693521.942:7372094): user pid=20166 uid=0 auid=4294967295 subj=user_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct="root" : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)' If this isn't selinux... what other possible culprits could I look at? Unfortunately, these systems were set up by someone else, and a lot of "security" stuff has been done to them (government systems, bypassing that stuff isn't an option) I'm constantly finding and fixing little things caused by blind, stupid "security" scripts. -- *********************************************************************** * John Oliver http://www.john-oliver.net/ * * * *********************************************************************** _______________________________________________ rhelv5-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/rhelv5-list
