Per the RHEL6 Guide I have configured my system to utilize faillock and lastlog. Now I have found that cron no longer works.

I have tracked it down to being an SELinux problem. crond_t is trying to read/write lastlog_t and faillog_t files. Has anyone else run into this problem or have recommendations?

My findings so far have shown that cron requires auth, account, and session from password-auth. Inside password-auth we have the appropriate faillock/lastlog lines in auth/account/session.

Previously we have put the faillock/lastlog lines in the individual services that users can use to access the system (gdm, sshd, login, etc.) but this was not compliant with the SSG/STIG.

Should we go back to placing these lines in the individual services or grant the permission to crond_t? Could this be because we disable the unconfined domain?

Thanks,
-josh

--
404.407.6630


_______________________________________________
scap-security-guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
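
The message above describes crond picking up the faillock/lastlog lines through its auth, account and session includes of password-auth. The following is an added example, not part of the original post: it resolves PAM `include`/`substack` chains to list which services end up running pam_faillock.so or pam_lastlog.so. The file contents, the `localsvc` service and the function name `inherited` are constructed for illustration.

```python
import re

# Constructed stand-ins for files under /etc/pam.d/ (not taken from the post).
PAM_FILES = {
    "password-auth": """\
auth     required      pam_faillock.so preauth silent
auth     sufficient    pam_unix.so try_first_pass
auth     [default=die] pam_faillock.so authfail
account  required      pam_faillock.so
account  required      pam_unix.so
session  required      pam_lastlog.so showfailed
session  required      pam_unix.so
""",
    "crond": """\
auth     sufficient    pam_rootok.so
auth     include       password-auth
account  include       password-auth
session  required      pam_loginuid.so
session  include       password-auth
""",
    "localsvc": """\
# hypothetical service with no include of password-auth
auth     required      pam_unix.so
account  required      pam_unix.so
""",
}

WATCHED = {"pam_faillock.so", "pam_lastlog.so"}
# type, control (plain word or [bracketed] form), module path or included file
LINE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def inherited(service, files, want_type=None, path=()):
    """Return sorted unique (type, module, defined_in) for WATCHED modules reachable from service."""
    if service in path or service not in files:   # include loop or missing file
        return []
    hits = set()
    for raw in files[service].splitlines():
        m = LINE.match(raw.split("#", 1)[0].strip())
        if not m:
            continue
        mtype, control, target = m.groups()
        if want_type and mtype != want_type:      # an include pulls only lines of its own type
            continue
        if control in ("include", "substack"):
            hits.update(inherited(target, files, mtype, path + (service,)))
        elif target in WATCHED:
            hits.add((mtype, target, service))
    return sorted(hits)

if __name__ == "__main__":
    for svc in ("crond", "localsvc"):
        print(svc, inherited(svc, PAM_FILES))
```

Pointing the same function at a dictionary built from the real files in /etc/pam.d shows every service whose process domain will touch the faillock and lastlog data files.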