Date:	Wed, 17 Mar 2010 23:42:21 -0700
From:	Justin Mattock <justinmattock@...il.com>
To:	Eric Paris <eparis@...isplace.org>
Cc:	tresys <refpolicy@...1.tresys.com>,
	SE-Linux <selinux@...ho.nsa.gov>, Joe Perches <joe@...ches.com>,
	libc-help@...rceware.org,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: new: loads of audit messgs

o.k. here's the bisect result of why/what is happening with nscd and
the avc's that seem to be missing or partly there:

ef0658f3de484bf9b173639cd47544584e01efa5 is the first bad commit

with the latest HEAD if I do a git revert ef0658f then the audit
messages are showing themselves for nscd.

I can attach dmesg of the good/bad if needed (might be too big in size to send)

here's what I see with a good boot and a bad boot:


bad:


[    7.284796] generic-usb 0003:05AC:820A.0005: input: USB HID v1.11
Keyboard [HID 05ac:820a] on usb-0000:00:06.0-1.2/input0
[    7.352310] usb 4-1.3: new full speed USB device using ohci_hcd and address 5
[    7.465655] input: HID 05ac:820b as
/devices/pci0000:00/0000:00:06.0/usb4/4-1/4-1.3/4-1.3:1.0/input/input9
[    7.495826] generic-usb 0003:05AC:820B.0006: input: USB HID v1.11
Mouse [HID 05ac:820b] on usb-0000:00:06.0-1.3/input0
[    8.174301] type=1107 audit(1268891709.174:3): user pid=1270 uid=0
auid=4294967295 ses=4294967295 subj=system_u:system_r:initrc_t:s0
msg=''
[    8.190628] type=1107 audit(1268891709.190:4): user pid=1270 uid=0
auid=4294967295 ses=4294967295 subj=system_u:system_r:initrc_t:s0
msg=''
[    8.191284] type=1107 audit(1268891709.191:5): user pid=1270 uid=0
auid=4294967295 ses=4294967295 subj=system_u:system_r:initrc_t:s0
msg=''
[    8.419552] ip_tables: (C) 2000-2006 Netfilter Core Team
[    8.444388] nf_conntrack version 0.5.0 (16384 buckets, 65536 max)
[    8.444784] CONFIG_NF_CT_ACCT is deprecated and will be removed
soon. Please use
[    8.444787] nf_conntrack.acct=1 kernel parameter, acct=1
nf_conntrack module option or
[    8.444789] sysctl net.netfilter.nf_conntrack_acct=1 to enable it.
[    8.651874] type=1107 audit(1268891709.651:6): user pid=1270 uid=0
auid=4294967295 ses=4294967295 subj=system_u:system_r:initrc_t:s0
msg=''
[    8.652623] type=1107 audit(1268891709.652:7): user pid=1270 uid=0
auid=4294967295 ses=4294967295 subj=system_u:system_r:initrc_t:s0
msg=''
[    9.627717] type=1107 audit(1268891710.627:8): user pid=1270 uid=0
auid=4294967295 ses=4294967295 subj=system_u:system_r:initrc_t:s0
msg=''
[    9.628468] type=1107 audit(1268891710.628:9): user pid=1270 uid=0
auid=4294967295 ses=4294967295 subj=system_u:system_r:initrc_t:s0
msg=''
[   14.367538] type=1107 audit(1268891715.367:10): user pid=1270 uid=0
auid=4294967295 ses=4294967295 subj=system_u:system_r:initrc_t:s0
msg=''
[   17.533134] type=1107 audit(1268891718.533:11): user pid=1270 uid=0
auid=4294967295 ses=4294967295 subj=system_u:system_r:initrc_t:s0
msg=''
[   17.544443] type=1100 audit(1268891718.544:12): user pid=1349 uid=0
auid=4294967295 ses=4294967295
subj=system_u:system_r:local_login_t:s0-s0:c0.c255 msg=''
[   17.547677] type=1101 audit(1268891718.547:13): user pid=1349 uid=0
auid=4294967295 ses=4294967295
subj=system_u:system_r:local_login_t:s0-s0:c0.c255 msg=''
[   17.573083] type=1006 audit(1268891718.572:14): login pid=1349
uid=0 old auid=4294967295 new auid=1000 old ses=4294967295 new ses=1
[   17.626760] type=2300 audit(1268891718.626:15): user pid=1349 uid=0
auid=1000 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c255
msg=''
[   17.639043] type=1107 audit(1268891718.638:16): user pid=1270 uid=0
auid=4294967295 ses=4294967295 subj=system_u:system_r:initrc_t:s0
msg=''
[   17.756669] type=1105 audit(1268891718.756:17): user pid=1349 uid=0
auid=1000 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c255
msg=''
[   17.757523] type=1107 audit(1268891718.757:18): user pid=1270 uid=0
auid=4294967295 ses=4294967295 subj=system_u:system_r:initrc_t:s0
msg=''
[   17.778843] type=1103 audit(1268891718.778:19): user pid=1349 uid=0
auid=1000 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c255
msg=''
[   17.778988] type=1112 audit(1268891718.778:20): user pid=1349 uid=0
auid=1000 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c255
msg=''
[   17.784500] type=1107 audit(1268891718.784:21): user pid=1270 uid=0
auid=4294967295 ses=4294967295 subj=system_u:system_r:initrc_t:s0
msg=''
[   17.905611] type=1107 audit(1268891718.905:22): user pid=1270 uid=0
auid=4294967295 ses=4294967295 subj=system_u:system_r:initrc_t:s0
msg=''



good:


[    7.413356] input: HID 05ac:820b as
/devices/pci0000:00/0000:00:06.0/usb4/4-1/4-1.3/4-1.3:1.0/input/input9
[    7.413467] generic-usb 0003:05AC:820B.0006: input: USB HID v1.11
Mouse [HID 05ac:820b] on usb-0000:00:06.0-1.3/input0
[    7.703644] type=1107 audit(1268893782.703:3): user pid=1297 uid=0
auid=4294967295 ses=4294967295 subj=system_u:system_r:initrc_t:s0
msg='avc:  denied  { shmemhost } for
scontext=system_u:system_r:syslogd_t:s0
tcontext=system_u:system_r:initrc_t:s0 tclass
[    7.703649] : exe="/usr/sbin/nscd" sauid=0 hostname=? addr=? terminal=?'
[    7.719890] type=1107 audit(1268893782.719:4): user pid=1297 uid=0
auid=4294967295 ses=4294967295 subj=system_u:system_r:initrc_t:s0
msg='avc:  denied  { shmempwd } for
scontext=system_u:system_r:syslogd_t:s0
tcontext=system_u:system_r:initrc_t:s0 tclass=nscd
[    7.719895] : exe="/usr/sbin/nscd" sauid=0 hostname=? addr=? terminal=?'
[    7.720580] type=1107 audit(1268893782.720:5): user pid=1297 uid=0
auid=4294967295 ses=4294967295 subj=system_u:system_r:initrc_t:s0
msg='avc:  denied  { shmemgrp } for
scontext=system_u:system_r:syslogd_t:s0
tcontext=system_u:system_r:initrc_t:s0 tclass=nscd
[    7.720585] : exe="/usr/sbin/nscd" sauid=0 hostname=? addr=? terminal=?'
[    7.940048] ip_tables: (C) 2000-2006 Netfilter Core Team
[    7.957023] nf_conntrack version 0.5.0 (16384 buckets, 65536 max)
[    7.957423] CONFIG_NF_CT_ACCT is deprecated and will be removed
soon. Please use
[    7.957426] nf_conntrack.acct=1 kernel parameter, acct=1
nf_conntrack module option or
[    7.957429] sysctl net.netfilter.nf_conntrack_acct=1 to enable it.
[    8.181014] type=1107 audit(1268893783.180:6): user pid=1297 uid=0
auid=4294967295 ses=4294967295 subj=system_u:system_r:initrc_t:s0
msg='avc:  denied  { shmempwd } for
scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c255
tcontext=system_u:system_r:initrc_t:s0 tclass=nscd
[    8.181019] : exe="/usr/sbin/nscd" sauid=0 hostname=? addr=? terminal=?'
[    8.181709] type=1107 audit(1268893783.181:7): user pid=1297 uid=0
auid=4294967295 ses=4294967295 subj=system_u:system_r:initrc_t:s0
msg='avc:  denied  { shmemgrp } for
scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c255
tcontext=system_u:system_r:initrc_t:s0 tclass=nscd
[    8.181714] : exe="/usr/sbin/nscd" sauid=0 hostname=? addr=? terminal=?'
[    9.210425] type=1107 audit(1268893784.210:8): user pid=1297 uid=0
auid=4294967295 ses=4294967295 subj=system_u:system_r:initrc_t:s0
msg='avc:  denied  { shmempwd } for
scontext=system_u:system_r:crond_t:s0-s0:c0.c255
tcontext=system_u:system_r:initrc_t:s0 tclass=nscd
[    9.210430] : exe="/usr/sbin/nscd" sauid=0 hostname=? addr=? terminal=?'
[    9.211152] type=1107 audit(1268893784.210:9): user pid=1297 uid=0
auid=4294967295 ses=4294967295 subj=system_u:system_r:initrc_t:s0
msg='avc:  denied  { shmemgrp } for
scontext=system_u:system_r:crond_t:s0-s0:c0.c255
tcontext=system_u:system_r:initrc_t:s0 tclass=nscd
[    9.211158] : exe="/usr/sbin/nscd" sauid=0 hostname=? addr=? terminal=?'
[   12.564898] type=1107 audit(1268893787.564:10): user pid=1297 uid=0
auid=4294967295 ses=4294967295 subj=system_u:system_r:initrc_t:s0
msg='avc:  denied  { shmempwd } for
scontext=system_u:system_r:local_login_t:s0-s0:c0.c255
tcontext=system_u:system_r:initrc_t:s0 tclass=nscd
[   12.564903] : exe="/usr/sbin/nscd" sauid=0 hostname=? addr=? terminal=?'
[   15.853971] type=1107 audit(1268893790.853:11): user pid=1297 uid=0
auid=4294967295 ses=4294967295 subj=system_u:system_r:initrc_t:s0
msg='avc:  denied  { shmempwd } for
scontext=system_u:system_r:chkpwd_t:s0-s0:c0.c255
tcontext=system_u:system_r:initrc_t:s0 tclass=nscd
[   15.853976] : exe="/usr/sbin/nscd" sauid=0 hostname=? addr=? terminal=?'
[   15.865393] type=1100 audit(1268893790.865:12): user pid=1378 uid=0
auid=4294967295 ses=4294967295
subj=system_u:system_r:local_login_t:s0-s0:c0.c255
msg='op=PAM:authentication acct="justin" exe="/bin/login" hostname=?
addr=? terminal=/dev/tty1 res=success'
[   15.868672] type=1101 audit(1268893790.868:13): user pid=1378 uid=0
auid=4294967295 ses=4294967295
subj=system_u:system_r:local_login_t:s0-s0:c0.c255
msg='op=PAM:accounting acct="justin" exe="/bin/login" hostname=?
addr=? terminal=/dev/tty1 res=success'
[   15.893990] type=1006 audit(1268893790.893:14): login pid=1378
uid=0 old auid=4294967295 new auid=1000 old ses=4294967295 new ses=1
[   15.955961] type=2300 audit(1268893790.955:15): user pid=1378 uid=0
auid=1000 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c255
msg='pam: default-context=justin:staff_r:staff_t:s0
selected-context=justin:staff_r:staff_t:s0: exe="/bin/login"
hostname=? addr=? terminal=tty1 res=success'
[   15.968319] type=1107 audit(1268893790.968:16): user pid=1297 uid=0
auid=4294967295 ses=4294967295 subj=system_u:system_r:initrc_t:s0
msg='avc:  denied  { getpwd } for
scontext=system_u:system_r:local_login_t:s0-s0:c0.c255
tcontext=system_u:system_r:initrc_t:s0 tclass=nscd
[   15.968324] : exe="/usr/sbin/nscd" sauid=0 hostname=? addr=? terminal=?'
[   16.085919] type=1105 audit(1268893791.085:17): user pid=1378 uid=0
auid=1000 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c255
msg='op=PAM:session_open acct="justin" exe="/bin/login" hostname=?
addr=? terminal=/dev/tty1 res=success'
[   16.086793] type=1107 audit(1268893791.086:18): user pid=1297 uid=0
auid=4294967295 ses=4294967295 subj=system_u:system_r:initrc_t:s0
msg='avc:  denied  { shmemgrp } for
scontext=system_u:system_r:local_login_t:s0-s0:c0.c255
tcontext=system_u:system_r:initrc_t:s0 tclass=nscd
[   16.086798] : exe="/usr/sbin/nscd" sauid=0 hostname=? addr=? terminal=?'
[   16.108104] type=1103 audit(1268893791.108:19): user pid=1378 uid=0
auid=1000 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c255
msg='op=PAM:setcred acct="justin" exe="/bin/login" hostname=? addr=?
terminal=/dev/tty1 res=success'
[   16.108250] type=1112 audit(1268893791.108:20): user pid=1378 uid=0
auid=1000 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c255
msg='op=login acct="justin" exe="/bin/login" hostname=? addr=?
terminal=/dev/tty1 res=success'
[   16.113829] type=1107 audit(1268893791.113:21): user pid=1297 uid=0
auid=4294967295 ses=4294967295 subj=system_u:system_r:initrc_t:s0
msg='avc:  denied  { shmempwd } for
scontext=justin:staff_r:staff_t:s0
tcontext=system_u:system_r:initrc_t:s0 tclass=nscd
[   16.113834] : exe="/usr/sbin/nscd" sauid=0 hostname=? addr=? terminal=?'
[   16.234781] type=1107 audit(1268893791.234:22): user pid=1297 uid=0
auid=4294967295 ses=4294967295 subj=system_u:system_r:initrc_t:s0
msg='avc:  denied  { shmemgrp } for
scontext=justin:staff_r:staff_t:s0
tcontext=system_u:system_r:initrc_t:s0 tclass=nscd
[   16.234786] : exe="/usr/sbin/nscd" sauid=0 hostname=? addr=? terminal=?'
[   18.651428] type=1107 audit(1268893793.651:23): user pid=1297 uid=0
auid=4294967295 ses=4294967295 subj=system_u:system_r:initrc_t:s0
msg='avc:  denied  { shmemhost } for
scontext=justin:staff_r:xauth_t:s0
tcontext=system_u:system_r:initrc_t:s0 tclass=nscd
[   18.651430] : exe="/usr/sbin/nscd" sauid=0 hostname=? addr=? terminal=?'


maybe I need to adjust something in /etc/sysctl.conf for the print or
something.

added some CC's

-- 
Justin P. Mattock
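
The difference between the two logs above can be checked mechanically. The following is an added example, not part of the original message: it rejoins the mail-wrapped dmesg lines, parses the audit records, and reports the serial numbers of records whose `msg=''` payload is empty, as in the "bad" boot. The helper names (`unwrap`, `audit_records`, `empty_payload_serials`) are hypothetical; the sample lines are excerpts from the two logs in the message.

```python
import re
# Excerpts copied from the "bad" and "good" dmesg logs in the post (mail-wrapped).
BAD = """\
[    8.174301] type=1107 audit(1268891709.174:3): user pid=1270 uid=0
auid=4294967295 ses=4294967295 subj=system_u:system_r:initrc_t:s0
msg=''
[    8.419552] ip_tables: (C) 2000-2006 Netfilter Core Team
[   17.573083] type=1006 audit(1268891718.572:14): login pid=1349
uid=0 old auid=4294967295 new auid=1000 old ses=4294967295 new ses=1
"""
GOOD = """\
[    7.719890] type=1107 audit(1268893782.719:4): user pid=1297 uid=0
auid=4294967295 ses=4294967295 subj=system_u:system_r:initrc_t:s0
msg='avc:  denied  { shmempwd } for
scontext=system_u:system_r:syslogd_t:s0
tcontext=system_u:system_r:initrc_t:s0 tclass=nscd
[    7.719895] : exe="/usr/sbin/nscd" sauid=0 hostname=? addr=? terminal=?'
"""

STAMP = re.compile(r"^\[\s*\d+\.\d+\] ")            # start of a real dmesg line
RECORD = re.compile(r"type=(\d+) audit\(\d+\.\d+:(\d+)\):")
CONT = re.compile(r"^\[\s*\d+\.\d+\] : (.*)$")      # printk-split tail of a record

def unwrap(text):
    """Rejoin lines the mailer wrapped; only timestamped lines start a new entry."""
    lines = []
    for raw in text.splitlines():
        if STAMP.match(raw) or not lines:
            lines.append(raw.rstrip())
        elif raw.strip():
            lines[-1] += " " + raw.strip()
    return lines

def audit_records(text):
    """Return [{'type', 'serial', 'msg'}]; msg is None when there is no msg= field."""
    recs = []
    for line in unwrap(text):
        head, tail = RECORD.search(line), CONT.match(line)
        if head:
            _, sep, payload = line.partition("msg='")
            recs.append({"type": int(head.group(1)), "serial": int(head.group(2)),
                         "msg": payload.rstrip("'") if sep else None})
        elif tail and recs and recs[-1]["msg"] is not None:
            recs[-1]["msg"] += " " + tail.group(1).rstrip("'")
    return recs

def empty_payload_serials(text):
    """Serials of records that carry msg='' (the symptom in the 'bad' boot)."""
    return [r["serial"] for r in audit_records(text) if r["msg"] == ""]
```

Records without a `msg=` field at all, such as the type=1006 login record, are reported with `msg` set to `None` and are not counted as empty.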