On 4/2/09 1:43 PM, "John Oliver" <[email protected]> wrote:
> I have several systems on which cron jobs are not being run. I suspect
> selinux. I set up a cron job to echo text to /tmp/test at a given time
> and then grabbed the relevant files from the audit.log They're
> gibberish to me. I can see the word "failed" in there.

Make sure the files in /etc/cron.* have execute set for the root user, the SRRs like them to be 700.

>
> Is this an issue with selinux? If so, what do I need to do to make it
> allow cron? OS is RHEL5.2 and I've updated all selinux-related RPMs.
>
> type=SYSCALL msg=audit(1238693521.939:7372087): arch=40000003 syscall=5
> success=yes exit=3 a0=8015638 a1=8000 a2=1b6 a3=8013c60 items=3
> ppid=10198 pid=20166 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
> egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="crond"
> exe="/usr/sbin/crond" subj=user_u:system_r:crond_t:s0-s0:c0.c1023
> key=(null)
> type=SYSCALL msg=audit(1238693521.939:7372088): arch=40000003 syscall=5
> success=yes exit=5 a0=80144f0 a1=8000 a2=1b6 a3=8015df0 items=3
> ppid=10198 pid=20166 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
> egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="crond"
> exe="/usr/sbin/crond" subj=user_u:system_r:crond_t:s0-s0:c0.c1023
> key=(null)
> type=SYSCALL msg=audit(1238693521.940:7372089): arch=40000003 syscall=5
> success=yes exit=5 a0=80144f0 a1=8000 a2=1b6 a3=8018588 items=3
> ppid=10198 pid=20166 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
> egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="crond"
> exe="/usr/sbin/crond" subj=user_u:system_r:crond_t:s0-s0:c0.c1023
> key=(null)
> type=SYSCALL msg=audit(1238693521.941:7372090): arch=40000003 syscall=5
> success=yes exit=5 a0=8018758 a1=8000 a2=1b6 a3=8019250 items=3
> ppid=10198 pid=20166 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
> egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="crond"
> exe="/usr/sbin/crond" subj=user_u:system_r:crond_t:s0-s0:c0.c1023
> key=(null)
> type=SYSCALL msg=audit(1238693521.941:7372091): arch=40000003 syscall=5
> success=yes exit=3 a0=eb6566 a1=8000 a2=1b6 a3=8019250 items=3
> ppid=10198 pid=20166 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
> egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="crond"
> exe="/usr/sbin/crond" subj=user_u:system_r:crond_t:s0-s0:c0.c1023
> key=(null)
> type=SYSCALL msg=audit(1238693521.941:7372092): arch=40000003 syscall=5
> success=yes exit=3 a0=25b2e4 a1=0 a2=1b6 a3=801a988 items=3 ppid=10198
> pid=20166 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
> sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="crond"
> exe="/usr/sbin/crond" subj=user_u:system_r:crond_t:s0-s0:c0.c1023
> key="CFG_shadow"
> type=USER_ACCT msg=audit(1238693521.942:7372093): user pid=20166 uid=0
> auid=4294967295 subj=user_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM:
> accounting acct="root" : exe="/usr/sbin/crond" (hostname=?, addr=?,
> terminal=cron res=failed)'
> type=USER_END msg=audit(1238693521.942:7372094): user pid=20166 uid=0
> auid=4294967295 subj=user_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM:
> session close acct="root" : exe="/usr/sbin/crond" (hostname=?, addr=?,
> terminal=cron res=success)'
>
> If this isn't selinux... what other possible culprits could I look at?
>
> Unfortunately, these systems were set up by someone else, and a lot of
> "security" stuff has been done to them (government systems, bypassing
> that stuff isn't an option) I'm constantly finding and fixing little
> things caused by blind, stupid "security" scripts.

Brandon Whalen
Tresys Technology             v: 443-539-0747
Suite 2100                    f: 410-953-0494
8840 Stanford Blvd            [email protected]
Columbia, MD 21045

_______________________________________________
rhelv5-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv5-list
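
Added example, not part of the original thread: a small triage script for the kind of audit.log excerpt quoted above. SELinux denials are logged as type=AVC records, so the script counts record types, lists any AVC records, and lists events that report res=failed or success=no. SAMPLE is constructed by shortening three records from the excerpt; the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample: three records shortened from the excerpt quoted above.
SAMPLE = """\
type=SYSCALL msg=audit(1238693521.941:7372092): arch=40000003 syscall=5 success=yes exit=3 items=3 pid=20166 uid=0 comm="crond" exe="/usr/sbin/crond" subj=user_u:system_r:crond_t:s0-s0:c0.c1023 key="CFG_shadow"
type=USER_ACCT msg=audit(1238693521.942:7372093): user pid=20166 uid=0 auid=4294967295 subj=user_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct="root" : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=failed)'
type=USER_END msg=audit(1238693521.942:7372094): user pid=20166 uid=0 auid=4294967295 subj=user_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct="root" : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
"""

HEADER = re.compile(r"type=(\S+) msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)", re.S)
# key=value pairs; values are either double-quoted or run to whitespace, ')' or "'"
FIELD = re.compile(r'(\w+)=("[^"]*"|[^\s)\']+)')

def parse_records(text):
    """Split raw audit.log text into records, rejoining mail-wrapped '> ' lines."""
    joined = " ".join(line.lstrip("> ").strip() for line in text.splitlines())
    records = []
    # A new record starts wherever "type=NAME msg=audit(" appears.
    for chunk in re.split(r"(?=type=[A-Z_]+ msg=audit\()", joined):
        m = HEADER.match(chunk.strip())
        if not m:
            continue
        rtype, _ts, serial, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        records.append({**fields, "type": rtype, "serial": int(serial)})
    return records

def triage(records):
    """Return record-type counts, SELinux AVC records, and failed events."""
    counts = Counter(r["type"] for r in records)
    avc = [r for r in records if r["type"] == "AVC"]
    failed = [r for r in records
              if r.get("res") == "failed" or r.get("success") == "no"]
    return counts, avc, failed

if __name__ == "__main__":
    counts, avc, failed = triage(parse_records(SAMPLE))
    print(dict(counts))
    print("AVC denials:", len(avc))
    for r in failed:
        print(r["type"], r["serial"], r.get("acct"), r.get("exe"), r.get("terminal"))
```

On the sample, the only failed event is the USER_ACCT record for PAM accounting of root, and no AVC record is present.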
