On Thursday 02 April 2009 01:43:04 pm John Oliver wrote: > Is this an issue with selinux? If so, what do I need to do to make it > allow cron? OS is RHEL5.2 and I've updated all selinux-related RPMs. > > type=SYSCALL msg=audit(1238693521.939:7372087): arch=40000003 syscall=5 > success=yes exit=3 a0=8015638 a1=8000 a2=1b6 a3=8013c60 items=3 > ppid=10198 pid=20166 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 > egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="crond" > exe="/usr/sbin/crond" subj=user_u:system_r:crond_t:s0-s0:c0.c1023 > key=(null)
On the 386 processor, this is an open syscall and it succeeded. Normally, there is also a PATH record that shows what was being opened. That seems to be missing. If SE Linux were involved, you would see AVC events. You can find these with ausearch --start today -t avc > If this isn't selinux... what other possible culprits could I look at? Right now, you are showing successful calls. We haven't found what's really blocking you. Maybe look at /etc/cron.allow? > Unfortunately, these systems were set up by someone else, and a lot of > "security" stuff has been done to them (government systems, bypassing > that stuff isn't an option) I'm constantly finding and fixing little > things caused by blind, stupid "security" scripts. The DISA STIG has bad audit rules. I am working with them to correct this. -Steve _______________________________________________ rhelv5-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/rhelv5-list
